Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities

2011-02-11T00:00:00

Description

According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities: - If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies. (CVE-2010-1157) - An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227) Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "5788.PASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies. (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2011-02-11T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nnm/5788", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227", "http://tomcat.apache.org/security-6.html", "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157"], "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "immutableFields": [], "lastseen": "2023-01-11T14:22:31", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2010:0580"]}, {"type": "cve", "idList": ["CVE-2010-1157", "CVE-2010-2227"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2207-1:6DF41"]}, {"type": "exploitdb", "idList": ["EDB-ID:12343"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B817C3837AAE1BBA6FEB9BABE212CE90"]}, {"type": "fedora", "idList": ["FEDORA:6A09010FBB7", "FEDORA:8D209110894", "FEDORA:C1251110652"]}, {"type": "freebsd", "idList": ["3383E706-4FC3-11DF-83FB-0015587E2CC1"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "github", "idList": ["GHSA-W6Q7-WW2X-7GM3"]}, {"type": "ibm", "idList": ["B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0"]}, {"type": "myhack58", "idList": ["MYHACK58:62201028404"]}, {"type": "nessus", "idList": ["5786.PASL", "5791.PASL", "800595.PRM", "800611.PRM", "800613.PRM", "CENTOS_RHSA-2010-0580.NASL", "DEBIAN_DSA-2207.NASL", "FEDORA_2010-16248.NASL", "FEDORA_2010-16270.NASL", "FEDORA_2010-16528.NASL", "FREEBSD_PKG_3383E7064FC311DF83FB0015587E2CC1.NASL", "GENTOO_GLSA-201206-24.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL", "MACOSX_SECUPD2011-006.NASL", "MANDRIVA_MDVSA-2010-176.NASL", "MANDRIVA_MDVSA-2010-177.NASL", "ORACLELINUX_ELSA-2010-0580.NASL", "REDHAT-RHSA-2010-0580.NASL", "REDHAT-RHSA-2010-0584.NASL", "SL_20100802_TOMCAT5_ON_SL5_X.NASL", "SUSE9_12625.NASL", "SUSE_11_1_TOMCAT6-100719.NASL", "SUSE_11_2_TOMCAT6-100719.NASL", "SUSE_11_3_TOMCAT6-100719.NASL", "SUSE_TOMCAT5-7099.NASL", "TOMCAT_6_0_28.NASL", "TOMCAT_7_0_2.NASL", "TOMCAT_TRANSFER_ENCODING.NASL", "UBUNTU_USN-976-1.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103454", "OPENVAS:1361412562310100598", "OPENVAS:1361412562310100712", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310122335", "OPENVAS:136141256231067355", "OPENVAS:136141256231069417", "OPENVAS:136141256231071550", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310831148", "OPENVAS:1361412562310831151", "OPENVAS:1361412562310835243", "OPENVAS:1361412562310840485", "OPENVAS:1361412562310862500", "OPENVAS:1361412562310862502", "OPENVAS:1361412562310862627", "OPENVAS:1361412562310870302", "OPENVAS:1361412562310880632", "OPENVAS:1361412562310901114", "OPENVAS:67355", "OPENVAS:69417", "OPENVAS:71550", "OPENVAS:802336", "OPENVAS:831148", "OPENVAS:831151", "OPENVAS:835243", "OPENVAS:840485", "OPENVAS:862500", "OPENVAS:862502", "OPENVAS:862627", "OPENVAS:870302", "OPENVAS:880632"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0580"]}, {"type": "osv", "idList": ["OSV:DSA-2207-1", "OSV:GHSA-W6Q7-WW2X-7GM3"]}, {"type": "redhat", "idList": ["RHSA-2010:0580", "RHSA-2010:0581", "RHSA-2010:0582", "RHSA-2010:0583", "RHSA-2010:0584", "RHSA-2011:0897"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23687", "SECURITYVULNS:DOC:24207", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:VULN:10784", "SECURITYVULNS:VULN:10986", "SECURITYVULNS:VULN:11973"]}, {"type": "seebug", "idList": ["SSV:19493", "SSV:19510", "SSV:68397"]}, {"type": "tomcat", "idList": ["TOMCAT:1588F78F09C29F9BFC123F6CFF7D5AA9", "TOMCAT:4659DEAC38E318C13712A886F48A7052", "TOMCAT:CD22C348F4620666ACC68ACA6AF1EB98"]}, {"type": "ubuntu", "idList": ["USN-976-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2227"]}]}, "score": {"value": 1.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2010:0580"]}, {"type": "cve", "idList": ["CVE-2010-1157"]}, {"type": "exploitdb", "idList": ["EDB-ID:12343"]}, {"type": "fedora", "idList": ["FEDORA:C1251110652"]}, {"type": "freebsd", "idList": ["3383E706-4FC3-11DF-83FB-0015587E2CC1"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/HTTP/APACHE_TOMCAT_TRANSFER_ENCODING"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2010-0584.NASL", "SUSE9_12625.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103454", "OPENVAS:1361412562310100712", "OPENVAS:870302"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0580"]}, {"type": "redhat", "idList": ["RHSA-2010:0580"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10784"]}, {"type": "seebug", "idList": ["SSV:19510"]}, {"type": "tomcat", "idList": ["TOMCAT:4659DEAC38E318C13712A886F48A7052"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2010-2227"]}]}, "exploitation": null, "vulnersScore": 1.4}, "_state": {"dependencies": 1673456498, "score": 1673453377}, "_internal": {"score_hash": "39cabe639342630aad248465e1d7f54c"}, "pluginID": "5788", "sourceData": "Binary data 5788.pasl", "naslFamily": "Web Servers", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "solution": "Upgrade to Apache Tomcat 6.0.28 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 6.4, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2010-07-09T00:00:00", "vulnerabilityPublicationDate": "2010-04-21T00:00:00", "exploitableWith": []}

{"redhat": [{"lastseen": "2021-10-21T04:45:25", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies, Microsoft .NET, PHP,\nand CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding header\nin HTTP requests. A specially-crafted HTTP request could prevent JBoss Web\nfrom sending replies, or cause JBoss Web to return truncated replies, or\nreplies containing data related to the requests of other users, for all\nsubsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web generated\nHTTP BASIC and DIGEST authentication requests. For configurations where a\nrealm name was not specified and JBoss Web was accessed via a proxy, the\ndefault generated realm contained the hostname and port used by the proxy\nto send requests to the JBoss Web server. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which upgrades\nJBoss Web to version 2.0.0.CP14, and resolves these issues. The JBoss\nserver process must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0584) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2016-04-04T14:31:15", "id": "RHSA-2010:0584", "href": "https://access.redhat.com/errata/RHSA-2010:0584", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:46:11", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. Tomcat must be restarted for this\nupdate to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0581) Important: tomcat5 and tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2016-04-04T14:31:38", "id": "RHSA-2010:0581", "href": "https://access.redhat.com/errata/RHSA-2010:0581", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:56", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. Tomcat must be restarted for this\nupdate to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0583) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-03-22T19:44:23", "id": "RHSA-2010:0583", "href": "https://access.redhat.com/errata/RHSA-2010:0583", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:32", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0582) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2019-03-22T19:44:08", "id": "RHSA-2010:0582", "href": "https://access.redhat.com/errata/RHSA-2010:0582", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:42:09", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\nstated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\nin the examples calendar application. With some web browsers, remote\nattackers could use this flaw to inject arbitrary web script or HTML via\nthe \"time\" parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0580) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2017-09-08T07:58:31", "id": "RHSA-2010:0580", "href": "https://access.redhat.com/errata/RHSA-2010:0580", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T20:35:37", "description": "JBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications.\n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release\nserves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes\na number of bug fixes. Refer to the Release Notes, linked in the\nReferences, for more information.\n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. (CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host's work directory. As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the '*' wildcard. An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. Note: This issue only\naffected the JBoss Enterprise Web Server packages on Red Hat Enterprise\nLinux 4. (CVE-2010-1623)\n\nAll users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to\nJBoss Enterprise Web Server 1.0.2, which corrects these issues. After\ninstalling this update, the relevant Apache Tomcat service (\"tomcat5\" or\n\"tomcat6\") and the Apache HTTP Server (\"httpd\") must be restarted for the\nupdate to take effect.\n", "cvss3": {}, "published": "2011-06-22T00:00:00", "type": "redhat", "title": "(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0419", "CVE-2012-4557"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2011:0897", "href": "https://access.redhat.com/errata/RHSA-2011:0897", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "tomcat": [{"lastseen": "2021-12-30T15:23:03", "description": "**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 958977](<https://svn.apache.org/viewvc?view=rev&rev=958977>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 6.0.0-6.0.27\n\n**Note:** _The issue below was fixed in Apache Tomcat 6.0.27 but the release vote for the 6.0.27 release candidate did not pass. Therefore, although users must download 6.0.28 to obtain a version that includes a fix for this issue, version 6.0.27 is not included in the list of affected versions._\n\n**Low: Information disclosure in authentication headers** [CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>)\n\nThe `WWW-Authenticate` HTTP header for BASIC and DIGEST authentication includes a realm name. If a `<realm-name>` element is specified for the application in web.xml it will be used. However, a `<realm-name>` is not specified then Tomcat will generate realm name using the code snippet `request.getServerName() + \":\" + request.getServerPort()`. In some circumstances this can expose the local host name or IP address of the machine running Tomcat. \n\nThis was fixed in [revision 936540](<https://svn.apache.org/viewvc?view=rev&rev=936540>).\n\nThis was first reported to the Tomcat security team on 31 Dec 2009 and made public on 21 Apr 2010.\n\nAffects: 6.0.0-6.0.26", "cvss3": {}, "published": "2010-07-09T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.28", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-07-09T00:00:00", "id": "TOMCAT:CD22C348F4620666ACC68ACA6AF1EB98", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:05", "description": "**Low: SecurityManager file permission bypass** [CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>)\n\nWhen running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContect attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments.\n\nThis was fixed in [revision 1027610](<https://svn.apache.org/viewvc?view=rev&rev=1027610>).\n\nThis was discovered by the Tomcat security team on 12 Oct 2010 and made public on 5 Feb 2011.\n\nAffects: 5.5.0-5.5.29\n\n**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 959428](<https://svn.apache.org/viewvc?view=rev&rev=959428>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 5.5.0-5.5.29\n\n**Low: Information disclosure in authentication headers** [CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>)\n\nThe `WWW-Authenticate` HTTP header for BASIC and DIGEST authentication includes a realm name. If a `<realm-name>` element is specified for the application in web.xml it will be used. However, a `<realm-name>` is not specified then Tomcat will generate realm name using the code snippet `request.getServerName() + \":\" + request.getServerPort()`. In some circumstances this can expose the local host name or IP address of the machine running Tomcat. \n\nThis was fixed in [revision 936541](<https://svn.apache.org/viewvc?view=rev&rev=936541>).\n\nThis was first reported to the Tomcat security team on 31 Dec 2009 and made public on 21 Apr 2010.\n\nAffects: 5.5.0-5.5.29", "cvss3": {}, "published": "2010-07-09T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 5.5.30", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2010-07-09T00:00:00", "id": "TOMCAT:4659DEAC38E318C13712A886F48A7052", "href": "https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "_Note: The issue below was fixed in Apache Tomcat 7.0.1 but the release vote for the 7.0.1 release candidate did not pass. Therefore, although users must download 7.0.2 to obtain a version that includes a fix for this issue, version 7.0.2 is not included in the list of affected versions._\n\n**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 958911](<https://svn.apache.org/viewvc?view=rev&rev=958911>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 7.0.0", "cvss3": {}, "published": "2010-08-11T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-08-11T00:00:00", "id": "TOMCAT:1588F78F09C29F9BFC123F6CFF7D5AA9", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.2", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-11T15:20:41", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49259);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:33", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49258);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-admin-webapps-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-docs-webapp-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-javadoc-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-jsp-2_1-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-lib-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-servlet-2_5-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-webapps-6.0.18-16.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:22:49", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7099.NASL", "href": "https://www.tenable.com/plugins/nessus/49930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49930);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:28", "description": "Versions of Tomcat 6.x earlier than 6.0.28 are potentially affected by multiple vulnerabilities : \n\n - The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentication could potentially expose the local host name or IP adddress of the machine running Tomcat. (CVE-2010-1157)\n\n - Several flaws in handling of the 'Transfer-Encoding' header exist that could prevent the recycling of a buffer. (CVE-2010-2227)", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2011-02-11T00:00:00", "cpe": [], "id": "800595.PRM", "href": "https://www.tenable.com/plugins/lce/800595", "sourceData": "Binary data 800595.prm", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-18T14:32:17", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/75759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75759);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:05", "description": "An updated jbossweb package that fixes two security issues is now available for JBoss Enterprise Application Platform 4.2 and 4.3 for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies, Microsoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent JBoss Web from sending replies, or cause JBoss Web to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and JBoss Web was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the JBoss Web server. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which upgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : jbossweb (RHSA-2010:0584)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossweb", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0584.NASL", "href": "https://www.tenable.com/plugins/nessus/63942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0584. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63942);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(39635, 41544);\n script_xref(name:\"RHSA\", value:\"2010:0584\");\n\n script_name(english:\"RHEL 4 / 5 : jbossweb (RHSA-2010:0584)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jbossweb package that fixes two security issues is now\navailable for JBoss Enterprise Application Platform 4.2 and 4.3 for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies,\nMicrosoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent JBoss Web from sending replies, or cause JBoss Web to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web\ngenerated HTTP BASIC and DIGEST authentication requests. For\nconfigurations where a realm name was not specified and JBoss Web was\naccessed via a proxy, the default generated realm contained the\nhostname and port used by the proxy to send requests to the JBoss Web\nserver. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which\nupgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0584\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:23", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2010-08-05T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/48255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48255);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"SECUNIA\", value:\"39574\");\n\n script_name(english:\"Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to 6.0.28. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST\n authentication and the 'realm-name' attribute is not\n configured in that web app's 'web.xml' file, the remote\n server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in\n the 'Transfer-Encoding' header of a request. An attacker\n can exploit this to cause a denial of service or to\n disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.28 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.28\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:32", "description": "This update of tomcat fixes a denial of service vulnerability and two information disclosure flaws which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12625)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12625.NASL", "href": "https://www.tenable.com/plugins/nessus/49255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49255);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes a denial of service vulnerability and two\ninformation disclosure flaws which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12625.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.27\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:14:36", "description": "According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. A remote attacker may be able to modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the 'Transfer-Encoding' header of a client request. This error affects buffer recycling and may lead to the disclosure of sensitive information or allow a denial of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>' element in a web application's web.xml file. If the element is missing from the web.xml file and the application is using BASIC or DIGEST authentication, Tomcat will include the server's hostname or IP address in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has relied on the version in Tomcat's banner or error page so this may be a false positive.", "cvss3": {}, "published": "2010-07-16T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.30", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_TRANSFER_ENCODING.NASL", "href": "https://www.tenable.com/plugins/nessus/47749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47749);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\");\n script_bugtraq_id(39635, 41544, 46177);\n script_xref(name:\"SECUNIA\", value:\"39574\");\n script_xref(name:\"SECUNIA\", value:\"43198\");\n\n script_name(english:\"Apache Tomcat 5.5.x < 5.5.30\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 5.5.x prior to 5.5.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute which holds the location of the work\n directory in Tomcat's SecurityManager. A remote attacker\n may be able to modify the location of the working\n directory which then allows improper read and write\n access to arbitrary files and directories in the context\n of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the\n 'Transfer-Encoding' header of a client request. This\n error affects buffer recycling and may lead to the\n disclosure of sensitive information or allow a denial\n of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>'\n element in a web application's web.xml file. If the\n element is missing from the web.xml file and the\n application is using BASIC or DIGEST authentication,\n Tomcat will include the server's hostname or IP address\n in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has\nrelied on the version in Tomcat's banner or error page so this may be\na false positive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n # http://old.nabble.com/How-to-reproduce-tomcat-security-vulnerabilities-td29775490.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?809a4670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2011/Feb/74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tomcat version 5.5.30 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.30\", min:\"5.5.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:39", "description": "According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities:\n\n - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. A remote attacker may be able to modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the 'Transfer-Encoding' header of a client request. This error affects buffer recycling and may lead to the disclosure of sensitive information or allow a denial of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>' element in a web application's web.xml file. If the element is missing from the web.xml file and the application is using BASIC or DIGEST authentication, Tomcat will include the server's hostname or IP address in the 'WWW-Authenticate' header of the response. (CVE-2010-1157)\n\nNote that Nessus Network Monitor did not actually test for the flaws but instead has relied on the version in Tomcat's banner or error page so this may be a false positive.", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5786.PASL", "href": "https://www.tenable.com/plugins/nnm/5786", "sourceData": "Binary data 5786.pasl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:28", "description": "Versions of Tomcat 5.x earlier than 5.5.30 are potentially affected by multiple vulnerabilities : \n\n - The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentcation may expose the local host name or IP address of the machine running Tomcat. (CVE-2010-1157)\n\n - Several flaws in the handling of the 'Tansfer-Encoding' header could prevent the recycling of buffer. (CVE-2010-2227)\n\n - When running under a SecurityManager, it is possible for web applications to be granted read/write permissions to any area on the file system. (CVE-2010-3718)", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2011-02-11T00:00:00", "cpe": [], "id": "800613.PRM", "href": "https://www.tenable.com/plugins/lce/800613", "sourceData": "Binary data 800613.prm", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:55", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-177.NASL", "href": "https://www.tenable.com/plugins/nessus/49207", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:177. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49207);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(37942, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:177\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-common-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-server-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:24:42", "description": "- Includes security fix for CVE-2010-2227.\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of jakarta-commons-collections, jakarta-commons-pool, and jakarta-commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 13 : tomcat6-6.0.26-11.fc13 (2010-16270)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-16270.NASL", "href": "https://www.tenable.com/plugins/nessus/50439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16270.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50439);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_xref(name:\"FEDORA\", value:\"2010-16270\");\n\n script_name(english:\"Fedora 13 : tomcat6-6.0.26-11.fc13 (2010-16270)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Includes security fix for CVE-2010-2227.\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and\n commons-pool-tomcat5 have been dropped in favor of\n jakarta-commons-collections, jakarta-commons-pool, and\n jakarta-commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d7d2d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"tomcat6-6.0.26-11.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:13", "description": "Replaces tomcat6-6.0.26-13.fc14\n\n - Resolves rhbz#640686 - Upgrade of tomcat6 wipes out directories\n\n - WARNING - Back up all files that need to be preserved before package update or uninstall - WARNING\n\nCVE-2010-2227 applied\n\nSeveral Bug fixes :\n\n - tomcat user shell\n\n - Multiple instances of tomcat not working (not sure this is the right fix).\n\n - init script LSB compliance\n\n - Update commons libs - no longer commons-xxx-tomcat5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-16528.NASL", "href": "https://www.tenable.com/plugins/nessus/50593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50593);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"FEDORA\", value:\"2010-16528\");\n\n script_name(english:\"Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Replaces tomcat6-6.0.26-13.fc14\n\n - Resolves rhbz#640686 - Upgrade of tomcat6 wipes out\n directories\n\n - WARNING - Back up all files that need to be preserved\n before package update or uninstall - WARNING\n\nCVE-2010-2227 applied\n\nSeveral Bug fixes :\n\n - tomcat user shell\n\n - Multiple instances of tomcat not working (not sure\n this is the right fix).\n\n - init script LSB compliance\n\n - Update commons libs - no longer commons-xxx-tomcat5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68aa68de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tomcat6-6.0.26-14.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:00", "description": "- Includes security fix for CVE-2010-2227.\n\n - Package updated to new upstream version tomcat-6.0.26\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of commons-collections, commons-pool, and commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-16248.NASL", "href": "https://www.tenable.com/plugins/nessus/50438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16248.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50438);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_xref(name:\"FEDORA\", value:\"2010-16248\");\n\n script_name(english:\"Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Includes security fix for CVE-2010-2227.\n\n - Package updated to new upstream version tomcat-6.0.26\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and\n commons-pool-tomcat5 have been dropped in favor of\n commons-collections, commons-pool, and commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a9d6f8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"tomcat6-6.0.26-3.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:31", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 7.0.2. It is, therefore, affected by a denial of service vulnerability which could also lead to information disclosure. A remote attacker could trigger flaws in the handling of the Transfer-Encoding header to cause a denial of service or potentially leak information.\n\\Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.2 Denial of Service and Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5791.PASL", "href": "https://www.tenable.com/plugins/nnm/5791", "sourceData": "Binary data 5791.pasl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:38", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 7.0.2. It is, therefore, affected by a denial of service vulnerability which could also lead to information disclosure. A remote attacker could trigger flaws in the handling of the Transfer-Encoding header to cause a denial of service or potentially leak information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Apache Tomcat < 7.0.2 Denial of Service and Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/121115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121115);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n\n script_name(english:\"Apache Tomcat < 7.0.2 Denial of Service and Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by denial of\nservice and information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 7.0.2. It is,\ntherefore, affected by a denial of service vulnerability which\ncould also lead to information disclosure. A remote attacker\ncould trigger flaws in the handling of the Transfer-Encoding\nheader to cause a denial of service or potentially leak\ninformation.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.2\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:23", "description": "It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "Ubuntu 9.04 / 9.10 / 10.04 LTS : tomcat6 vulnerability (USN-976-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-user", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-976-1.NASL", "href": "https://www.tenable.com/plugins/nessus/48757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-976-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48757);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"USN\", value:\"976-1\");\n\n script_name(english:\"Ubuntu 9.04 / 9.10 / 10.04 LTS : tomcat6 vulnerability (USN-976-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly handled invalid\nTransfer-Encoding headers. A remote attacker could send specially\ncrafted requests containing invalid headers to the server and cause a\ndenial of service, or possibly obtain sensitive information from other\nrequests.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/976-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:27", "description": "Versions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of service vulnerability because several flaws in the handling of the 'Transfer-Encoding header could prevent the recycling of a buffer.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2011-02-14T00:00:00", "cpe": [], "id": "800611.PRM", "href": "https://www.tenable.com/plugins/lce/800611", "sourceData": "Binary data 800611.prm", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:08:02", "description": "The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication includes a realm name. If a <realm-name> element is specified for the application in web.xml it will be used. However, a <realm-name> is not specified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address of the machine running Tomcat.", "cvss3": {}, "published": "2010-04-26T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3383E7064FC311DF83FB0015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/nessus/45613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45613);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1157\");\n\n script_name(english:\"FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication\nincludes a realm name. If a <realm-name> element is specified for the\napplication in web.xml it will be used. However, a <realm-name> is not\nspecified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address\nof the machine running Tomcat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=146022\"\n );\n # http://seclists.org/bugtraq/2010/Apr/200\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2010/Apr/200\"\n );\n # https://vuxml.freebsd.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a444f43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>5.5.0<5.5.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>6.0.0<6.0.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:27:04", "description": "Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2011-03-30T00:00:00", "type": "nessus", "title": "Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5.5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2207.NASL", "href": "https://www.tenable.com/plugins/nessus/53212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2207. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53212);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37944, 37945, 39635, 41544);\n script_xref(name:\"DSA\", value:\"2207\");\n\n script_name(english:\"Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found on the Apache Tomcat 5\nvulnerabilities page.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5.\ntomcat6 is already fixed.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tomcat5.5\", reference:\"5.5.26-5lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:35", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (') characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4 90\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2010-176.NASL", "href": "https://www.tenable.com/plugins/nessus/49206", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:176. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49206);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(27706, 35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:176\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\nthrough 4.1.36 does not properly handle (1) double quote (')\ncharacters or (2) %5C (encoded backslash) sequences in a cookie value,\nwhich might cause sensitive information such as session IDs to be\nleaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385\n(CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0\nthrough 6.0.18, and possibly earlier versions normalizes the target\npathname before filtering the query string when using the\nRequestDispatcher method, which allows remote attackers to bypass\nintended access restrictions and conduct directory traversal attacks\nvia .. (dot dot) sequences and the WEB-INF directory in a Request\n(CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when the Java AJP connector and mod_jk load balancing\nare used, allows remote attackers to cause a denial of service\n(application outage) via a crafted request with invalid headers,\nrelated to temporary blocking of connectors that have encountered\nerrors, as demonstrated by an error involving a malformed HTTP Host\nheader (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when FORM authentication is used, allows remote\nattackers to enumerate valid usernames via requests to\n/j_security_check with malformed URL encoding of passwords, related to\nimproper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\nand (3) JDBCRealm authentication realms, as demonstrated by a %\n(percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18 permits web applications to replace an XML parser used\nfor other web applications, which allows local users to read or modify\nthe (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\napplications via a crafted application that is loaded earlier than the\ntarget application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:03", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48231);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2010:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0580\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:43", "description": "From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2010-0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/68076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# Oracle Linux Security Advisory ELSA-2010-0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68076);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2010-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001575.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:06", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# CentOS Errata and Security Advisory 2010:0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48218);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2010:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016858.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?765d4416\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c24545c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:27:17", "description": "A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100802_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60828);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=412\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76cc914b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:24:47", "description": "The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:08", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-006)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4022", "CVE-2010-0097", "CVE-2010-1157", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-2227", "CVE-2010-3436", "CVE-2010-3613", "CVE-2010-3614", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4645", "CVE-2011-0013", "CVE-2011-0185", "CVE-2011-0224", "CVE-2011-0229", "CVE-2011-0230", "CVE-2011-0231", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0259", "CVE-2011-0411", "CVE-2011-0419", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0534", "CVE-2011-0707", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3213", "CVE-2011-3214", "CVE-2011-3217", "CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3224", "CVE-2011-3228"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2011-006.NASL", "href": "https://www.tenable.com/plugins/nessus/56481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56481);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-4022\",\n \"CVE-2010-0097\",\n \"CVE-2010-1157\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2010-2227\",\n \"CVE-2010-3436\",\n \"CVE-2010-3613\",\n \"CVE-2010-3614\",\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4645\",\n \"CVE-2011-0013\",\n \"CVE-2011-0185\",\n \"CVE-2011-0224\",\n \"CVE-2011-0229\",\n \"CVE-2011-0230\",\n \"CVE-2011-0231\",\n \"CVE-2011-0249\",\n \"CVE-2011-0250\",\n \"CVE-2011-0251\",\n \"CVE-2011-0252\",\n \"CVE-2011-0259\",\n \"CVE-2011-0411\",\n \"CVE-2011-0419\",\n \"CVE-2011-0420\",\n \"CVE-2011-0421\",\n \"CVE-2011-0534\",\n \"CVE-2011-0707\",\n \"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3213\",\n \"CVE-2011-3214\",\n \"CVE-2011-3217\",\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3224\",\n \"CVE-2011-3228\"\n );\n script_bugtraq_id(\n 37118,\n 37865,\n 39635,\n 40370,\n 40863,\n 41544,\n 44723,\n 45015,\n 45133,\n 45137,\n 45668,\n 46164,\n 46174,\n 46177,\n 46354,\n 46365,\n 46429,\n 46464,\n 46767,\n 46786,\n 46854,\n 46967,\n 46968,\n 46969,\n 46970,\n 46975,\n 46977,\n 48007,\n 48250,\n 48566,\n 48618,\n 48660,\n 49303,\n 50085,\n 50091,\n 50092,\n 50095,\n 50098,\n 50100,\n 50101,\n 50111,\n 50116,\n 50117,\n 50122,\n 50127,\n 50130,\n 50131,\n 50150 \n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-006)\");\n script_summary(english:\"Check for the presence of Security Update 2011-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n{\n packages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[6-9]|201[2-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2011-006 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:35:27", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2011-0003_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89674);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\ncomponents and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0003\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-3574\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2010-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"360236\",\n \"4.1\", \"348481\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:22:59", "description": "a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1"], "id": "VMWARE_VMSA-2011-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/51971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2011-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51971);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\");\n script_set_attribute(attribute:\"description\", value:\n\"a. vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for\n these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update.\n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2011-02-10\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103401-SG\",\n patch_updates : make_list(\"ESX400-201104401-SG\", \"ESX400-201110401-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103403-SG\",\n patch_updates : make_list(\"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201101201-SG\",\n patch_updates : make_list(\"ESX40-TO-ESX41UPDATE01\", \"ESX410-201104401-SG\", \"ESX410-201110201-SG\", \"ESX410-201201401-SG\", \"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update01\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201103401-SG\",\n patch_updates : make_list(\"ESXi400-201104401-SG\", \"ESXi400-201110401-SG\", \"ESXi400-201203401-SG\", \"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\", \"ESXi400-Update03\", \"ESXi400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201101201-SG\",\n patch_updates : make_list(\"ESXi410-201104401-SG\", \"ESXi410-201110201-SG\", \"ESXi410-201201401-SG\", \"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update01\", \"ESXi410-Update02\", \"ESXi410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:25:10", "description": "The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components :\n\n - TLS and SSL protocols\n - Apache Tomcat\n - Java\n - Flash Player\n - BlazeDS/GraniteDS\n - Adobe LiveCycle\n - Adobe Flex SDK\n - Systems Insight Manager", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "nessus", "title": "HP Systems Insight Manager < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555", "CVE-2010-2227", "CVE-2010-4470", "CVE-2010-4476", "CVE-2011-0611", "CVE-2011-0786", "CVE-2011-0788", "CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-0873", "CVE-2011-2092", "CVE-2011-2093", "CVE-2011-2130", "CVE-2011-2134", "CVE-2011-2135", "CVE-2011-2136", "CVE-2011-2137", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2140", "CVE-2011-2414", "CVE-2011-2415", "CVE-2011-2416", "CVE-2011-2417", "CVE-2011-2425", "CVE-2011-2426", "CVE-2011-2427", "CVE-2011-2428", "CVE-2011-2429", "CVE-2011-2430", "CVE-2011-2444", "CVE-2011-2445", "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452", "CVE-2011-2453", "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456", "CVE-2011-2457", "CVE-2011-2458", "CVE-2011-2459", "CVE-2011-2460", "CVE-2011-2461", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2012-1995", "CVE-2012-1996", "CVE-2012-1997", "CVE-2012-1998", "CVE-2012-1999"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/a:hp:systems_insight_manager"], "id": "HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/59684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59684);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-2227\",\n \"CVE-2010-4470\",\n \"CVE-2010-4476\",\n \"CVE-2011-0611\",\n \"CVE-2011-0786\",\n \"CVE-2011-0788\",\n \"CVE-2011-0802\",\n \"CVE-2011-0814\",\n \"CVE-2011-0815\",\n \"CVE-2011-0817\",\n \"CVE-2011-0862\",\n \"CVE-2011-0863\",\n \"CVE-2011-0864\",\n \"CVE-2011-0865\",\n \"CVE-2011-0866\",\n \"CVE-2011-0867\",\n \"CVE-2011-0868\",\n \"CVE-2011-0869\",\n \"CVE-2011-0871\",\n \"CVE-2011-0872\",\n \"CVE-2011-0873\",\n \"CVE-2011-2092\",\n \"CVE-2011-2093\",\n \"CVE-2011-2130\",\n \"CVE-2011-2134\",\n \"CVE-2011-2135\",\n \"CVE-2011-2136\",\n \"CVE-2011-2137\",\n \"CVE-2011-2138\",\n \"CVE-2011-2139\",\n \"CVE-2011-2140\",\n \"CVE-2011-2414\",\n \"CVE-2011-2415\",\n \"CVE-2011-2416\",\n \"CVE-2011-2417\",\n \"CVE-2011-2425\",\n \"CVE-2011-2426\",\n \"CVE-2011-2427\",\n \"CVE-2011-2428\",\n \"CVE-2011-2429\",\n \"CVE-2011-2430\",\n \"CVE-2011-2444\",\n \"CVE-2011-2445\",\n \"CVE-2011-2450\",\n \"CVE-2011-2451\",\n \"CVE-2011-2452\",\n \"CVE-2011-2453\",\n \"CVE-2011-2454\",\n \"CVE-2011-2455\",\n \"CVE-2011-2456\",\n \"CVE-2011-2457\",\n \"CVE-2011-2458\",\n \"CVE-2011-2459\",\n \"CVE-2011-2460\",\n \"CVE-2011-2461\",\n \"CVE-2011-3556\",\n \"CVE-2011-3557\",\n \"CVE-2011-3558\",\n \"CVE-2012-1995\",\n \"CVE-2012-1996\",\n \"CVE-2012-1997\",\n \"CVE-2012-1998\",\n \"CVE-2012-1999\"\n );\n script_bugtraq_id(\n 36935,\n 41544,\n 42817,\n 46091,\n 46387,\n 47314,\n 48133,\n 48134,\n 48135,\n 48136,\n 48137,\n 48138,\n 48139,\n 48140,\n 48141,\n 48142,\n 48143,\n 48144,\n 48145,\n 48146,\n 48147,\n 48148,\n 48149,\n 48267,\n 48279,\n 49073,\n 49074,\n 49075,\n 49076,\n 49077,\n 49079,\n 49080,\n 49081,\n 49082,\n 49083,\n 49084,\n 49085,\n 49086,\n 49710,\n 49714,\n 49715,\n 49716,\n 49717,\n 49718,\n 50618,\n 50619,\n 50620,\n 50621,\n 50622,\n 50623,\n 50624,\n 50625,\n 50626,\n 50627,\n 50628,\n 50629,\n 50869,\n 53315\n );\n script_xref(name:\"HP\", value:\"HPSBMU02769\");\n script_xref(name:\"HP\", value:\"SSRT100846\");\n script_xref(name:\"HP\", value:\"SSRT100093\");\n script_xref(name:\"HP\", value:\"SSRT090028\");\n script_xref(name:\"HP\", value:\"SSRT100110\");\n script_xref(name:\"HP\", value:\"SSRT100373\");\n script_xref(name:\"HP\", value:\"SSRT100426\");\n script_xref(name:\"HP\", value:\"SSRT100514\");\n script_xref(name:\"HP\", value:\"SSRT100562\");\n script_xref(name:\"HP\", value:\"SSRT100639\");\n script_xref(name:\"HP\", value:\"SSRT100702\");\n script_xref(name:\"HP\", value:\"SSRT100819\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"HP Systems Insight Manager < 7.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains software that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Systems Insight Manager installed on the remote\nWindows host is affected by vulnerabilities in the following\ncomponents :\n\n - TLS and SSL protocols\n - Apache Tomcat\n - Java\n - Flash Player\n - BlazeDS/GraniteDS\n - Adobe LiveCycle\n - Adobe Flex SDK\n - Systems Insight Manager\");\n # http://web.archive.org/web/20120701193341/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03298151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72e42ec4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP Systems Insight Manager 7.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2460\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java RMI Server Insecure Default Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:systems_insight_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_systems_insight_manager_installed.nasl\");\n script_require_keys(\"installed_sw/HP Systems Insight Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"HP Systems Insight Manager\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app_name);\npath = install['path'];\nversion = install['version'];\n\nif (version =~ '^(([A-Z]\\\\.)?0[0-5]\\\\.|([A-C]\\\\.)?0[0-6]\\\\.[0-9\\\\.]+)')\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : C.07.00.00.00' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-22T13:05:50", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310831151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831151\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:26", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:831151", "href": "http://plugins.openvas.org/nasl.php?oid=831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_id(831151);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:59", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16270", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:862502", "href": "http://plugins.openvas.org/nasl.php?oid=862502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\");\n script_id(862502);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16270\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16270\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-976-1", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-976-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840485", "href": "http://plugins.openvas.org/nasl.php?oid=840485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_976_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-976-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding\n headers. A remote attacker could send specially crafted requests containing\n invalid headers to the server and cause a denial of service, or possibly\n obtain sensitive information from other requests.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-976-1\";\ntag_affected = \"tomcat6 vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-976-1/\");\n script_id(840485);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"976-1\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-976-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:39", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-976-1", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-976-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310840485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_976_1.nasl 8485 2018-01-22 07:57:57Z teissa $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-976-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding\n headers. A remote attacker could send specially crafted requests containing\n invalid headers to the server and cause a denial of service, or possibly\n obtain sensitive information from other requests.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-976-1\";\ntag_affected = \"tomcat6 vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-976-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840485\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"976-1\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-976-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:06", "description": "Apache Tomcat is prone to multiple remote vulnerabilities including\n information-disclosure and denial-of-service issues.", "cvss3": {}, "published": "2010-07-13T00:00:00", "type": "openvas", "title": "Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310100712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100712\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-07-13 12:45:31 +0200 (Tue, 13 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_bugtraq_id(41544);\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/41544\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/512272\");\n\n script_tag(name:\"solution\", value:\"The vendor released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to multiple remote vulnerabilities including\n information-disclosure and denial-of-service issues.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit these issues to cause denial-of-service\n conditions or gain access to potentially sensitive information,\n information obtained may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 to 5.5.29 Tomcat 6.0.0 to 6.0.27 Tomcat 7.0.0\n\n Tomcat 3.x, 4.x, and 5.0.x may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.27\" ) ||\n version_is_equal( version:vers, test_version:\"7.0.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.28/7.0.1\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2018-01-02T10:54:51", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16270", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:1361412562310862502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862502\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16270\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16270\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:55:23", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310862627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862627\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16528\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16528\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:42", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862627", "href": "http://plugins.openvas.org/nasl.php?oid=862627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\");\n script_id(862627);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16528\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16528\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:02", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-05-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:67355", "href": "http://plugins.openvas.org/nasl.php?oid=67355", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67355);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:12", "description": "This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.", "cvss3": {}, "published": "2010-04-29T00:00:00", "type": "openvas", "title": "Apache Tomcat Security bypass vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310901114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security bypass vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901114\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 10:04:32 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-1157\");\n script_bugtraq_id(39635);\n script_name(\"Apache Tomcat Security bypass vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP address\n of the Tomcat server. Information harvested may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 5.5.0 to 5.5.29\n Apache Tomcat version 6.0.0 to 6.0.26.\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for\n 'BASIC' and 'DIGEST' authentication that might allow remote attackers to\n discover the server's hostname or IP address by sending a request for a resource.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later.\");\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-17T11:05:54", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-05-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:136141256231067355", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067355", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67355\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:10", "description": "Apache Tomcat is prone to a remote information-disclosure\n vulnerability.", "cvss3": {}, "published": "2010-04-23T00:00:00", "type": "openvas", "title": "Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310100598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100598\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(39635);\n script_cve_id(\"CVE-2010-1157\");\n script_name(\"Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/39635\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936540\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936541\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a remote information-disclosure\n vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP\n address of the Tomcat server. Information harvested may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26\n\n Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:55:35", "description": "Check for the Version of Apache Running Tomcat Servlet Engine", "cvss3": {}, "published": "2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835243", "href": "http://plugins.openvas.org/nasl.php?oid=835243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote information disclosure\";\ntag_affected = \"Apache Running Tomcat Servlet Engine on\n HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX Apache \n Running Tomcat Servlet Engine. These vulnerabilities could be exploited \n remotely to disclose information, allows unauthorized modification, or \n create a Denial of Service (DoS). The Tomcat-based Servlet Engine is \n contained in the HP-UX Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_id(835243);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n\n script_summary(\"Check for the Version of Apache Running Tomcat Servlet Engine\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "modified": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310835243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02579.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835243\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"HPSBUX\", value:\"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23)\");\n\n script_tag(name:\"impact\", value:\"Remote information disclosure\");\n\n script_tag(name:\"affected\", value:\"Apache Running Tomcat Servlet Engine on HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or\n earlier\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified with HP-UX Apache\n Running Tomcat Servlet Engine. These vulnerabilities could be exploited\n remotely to disclose information, allows unauthorized modification, or\n create a Denial of Service (DoS). The Tomcat-based Servlet Engine is\n contained in the HP-UX Apache Web Server Suite.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069417", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69417\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\");\n script_tag(name:\"insight\", value:\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat5.5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:55:37", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69417", "href": "http://plugins.openvas.org/nasl.php?oid=69417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at\nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\";\n\n\nif(description)\n{\n script_id(69417);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:26", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16248", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2010-2227"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310862500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862500\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16248\");\n script_cve_id(\"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16248\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:50", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16248", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2010-2227"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:862500", "href": "http://plugins.openvas.org/nasl.php?oid=862500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\");\n script_id(862500);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16248\");\n script_cve_id(\"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16248\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:41", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310831148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (") characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831148\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:51", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:831148", "href": "http://plugins.openvas.org/nasl.php?oid=831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (") characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_id(831148);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-14T18:58:49", "description": "Oracle Linux Local Security Checks ELSA-2010-0580", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0580", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122335", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122335\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0580 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0580.html\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880632\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the 'time' parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2018-01-02T10:54:35", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310870302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the "time" parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870302\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:47", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:870302", "href": "http://plugins.openvas.org/nasl.php?oid=870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the "time" parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_id(870302);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:30", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880632", "href": "http://plugins.openvas.org/nasl.php?oid=880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n \n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the "time" parameter. (CVE-2009-2696)\n \n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n \n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_id(880632);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:54", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71550\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\");\n script_tag(name:\"solution\", value:\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=272566\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=273662\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303719\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=320963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=329937\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=374619\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382043\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386213\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=396401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399227\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71550", "href": "http://plugins.openvas.org/nasl.php?oid=71550", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\";\ntag_solution = \"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=272566\nhttp://bugs.gentoo.org/show_bug.cgi?id=273662\nhttp://bugs.gentoo.org/show_bug.cgi?id=303719\nhttp://bugs.gentoo.org/show_bug.cgi?id=320963\nhttp://bugs.gentoo.org/show_bug.cgi?id=329937\nhttp://bugs.gentoo.org/show_bug.cgi?id=373987\nhttp://bugs.gentoo.org/show_bug.cgi?id=374619\nhttp://bugs.gentoo.org/show_bug.cgi?id=382043\nhttp://bugs.gentoo.org/show_bug.cgi?id=386213\nhttp://bugs.gentoo.org/show_bug.cgi?id=396401\nhttp://bugs.gentoo.org/show_bug.cgi?id=399227\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\";\n\n \n \nif(description)\n{\n script_id(71550);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:22:38", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2020-04-23T00:00:00", "id": "OPENVAS:1361412562310802336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802336\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5002\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2011-006\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:54", "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "cvss3": {}, "published": "2011-10-20T00:00:00", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:802336", "href": "http://plugins.openvas.org/nasl.php?oid=802336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su11-006.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2011-006\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\";\n\nif(description)\n{\n script_id(802336);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5002\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T10:48:18", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", "CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", "CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:103454", "href": "http://plugins.openvas.org/nasl.php?oid=103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2011-0003.nasl 7583 2017-10-26 12:07:01Z cfischer $\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply the missing patch(es).\n\nSee Also:\nhttp://www.vmware.com/security/advisories/VMSA-2011-0003.html\";\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\n\nSummary\n\nUpdate 1 for vCenter Server 4.x, vCenter Update Manager 4.x, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1,\naddresses several security issues.\n\nRelevant releases\n\nvCenter Server 4.1 without Update 1,\nvCenter Server 4.0 without Update 3,\nvCenter Update Manager 4.1 without Update 1,\nvCenter Update Manager 4.0 without Update 3,\nESXi 4.1 without patch ESXi410-201101201-SG,\nESXi 4.0 without patch ESXi400-201103401-SG.\nESX 4.1 without patch ESX410-201101201-SG.\nESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG.\n \nProblem Description\n\na. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of \n Oracle (Sun) JRE.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\nf. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\ng. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\nh. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\ni. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\nj. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\";\n\n\nif (description)\n{\n script_id(103454);\n script_cve_id(\"CVE-2009-2693\",\"CVE-2009-2901\",\"CVE-2009-2902\",\"CVE-2009-3548\",\"CVE-2010-2227\",\"CVE-2010-1157\",\"CVE-2010-2928\",\"CVE-2010-0734\",\"CVE-2010-1084\",\"CVE-2010-2066\",\"CVE-2010-2070\",\"CVE-2010-2226\",\"CVE-2010-2248\",\"CVE-2010-2521\",\"CVE-2010-2524\",\"CVE-2010-0008\",\"CVE-2010-0415\",\"CVE-2010-0437\",\"CVE-2009-4308\",\"CVE-2010-0003\",\"CVE-2010-0007\",\"CVE-2010-0307\",\"CVE-2010-1086\",\"CVE-2010-0410\",\"CVE-2010-0730\",\"CVE-2010-1085\",\"CVE-2010-0291\",\"CVE-2010-0622\",\"CVE-2010-1087\",\"CVE-2010-1173\",\"CVE-2010-1437\",\"CVE-2010-1088\",\"CVE-2010-1187\",\"CVE-2010-1436\",\"CVE-2010-1641\",\"CVE-2010-3081\",\"CVE-2010-2240\",\"CVE-2008-5416\",\"CVE-2008-0085\",\"CVE-2008-0086\",\"CVE-2008-0107\",\"CVE-2008-0106\",\"CVE-2010-0740\",\"CVE-2010-0433\",\"CVE-2010-3864\",\"CVE-2010-2939\",\"CVE-2009-3555\",\"CVE-2010-0082\",\"CVE-2010-0084\",\"CVE-2010-0085\",\"CVE-2010-0087\",\"CVE-2010-0088\",\"CVE-2010-0089\",\"CVE-2010-0090\",\"CVE-2010-0091\",\"CVE-2010-0092\",\"CVE-2010-0093\",\"CVE-2010-0094\",\"CVE-2010-0095\",\"CVE-2010-0837\",\"CVE-2010-0838\",\"CVE-2010-0839\",\"CVE-2010-0840\",\"CVE-2010-0841\",\"CVE-2010-0842\",\"CVE-2010-0843\",\"CVE-2010-0844\",\"CVE-2010-0845\",\"CVE-2010-0846\",\"CVE-2010-0847\",\"CVE-2010-0848\",\"CVE-2010-0849\",\"CVE-2010-0850\",\"CVE-2010-0886\",\"CVE-2010-3556\",\"CVE-2010-3566\",\"CVE-2010-3567\",\"CVE-2010-3550\",\"CVE-2010-3561\",\"CVE-2010-3573\",\"CVE-2010-3565\",\"CVE-2010-3568\",\"CVE-2010-3569\",\"CVE-2010-1321\",\"CVE-2010-3548\",\"CVE-2010-3551\",\"CVE-2010-3562\",\"CVE-2010-3571\",\"CVE-2010-3554\",\"CVE-2010-3559\",\"CVE-2010-3572\",\"CVE-2010-3553\",\"CVE-2010-3549\",\"CVE-2010-3557\",\"CVE-2010-3541\",\"CVE-2010-3574\",\"CVE-2008-3825\",\"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 7583 $\");\n script_name(\"VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 14:07:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\"); # Used in _esxi_patch_missing()\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"4.1.0\",\"ESXi410-201101201-SG\",\n \"4.0.0\",\"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-19T16:08:51", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.", "cvss3": {}, "published": "2012-03-16T00:00:00", "type": "openvas", "title": "VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0307", "CVE-2010-3562", "CVE-2010-0740", "CVE-2010-2066", "CVE-2010-0089", "CVE-2010-0008", "CVE-2010-0886", "CVE-2010-3557", "CVE-2010-1641", "CVE-2008-0106", "CVE-2010-2248", "CVE-2010-0088", "CVE-2010-2226", "CVE-2010-0410", "CVE-2010-3551", "CVE-2010-0730", "CVE-2010-0085", "CVE-2008-3825", "CVE-2010-0007", "CVE-2008-0086", "CVE-2010-3553", "CVE-2010-3550", "CVE-2010-2521", "CVE-2010-0087", "CVE-2010-1437", "CVE-2010-3566", "CVE-2010-2939", "CVE-2010-3565", "CVE-2010-0092", "CVE-2010-1187", "CVE-2010-3572", "CVE-2009-2693", "CVE-2010-0848", "CVE-2010-0291", "CVE-2010-0082", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0095", "CVE-2010-2070", "CVE-2010-2524", "CVE-2010-0839", "CVE-2010-0094", "CVE-2010-3574", "CVE-2010-0415", "CVE-2010-1157", "CVE-2010-1084", "CVE-2010-0847", "CVE-2010-0842", "CVE-2010-3541", "CVE-2010-0845", "CVE-2010-3571", "CVE-2009-3555", "CVE-2010-0841", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-2240", "CVE-2010-0837", "CVE-2009-2901", "CVE-2010-3559", "CVE-2010-1321", "CVE-2010-3081", "CVE-2010-3556", "CVE-2010-0734", "CVE-2010-0849", "CVE-2008-0085", "CVE-2010-3561", "CVE-2008-5416", "CVE-2010-2227", "CVE-2010-0091", "CVE-2010-0622", "CVE-2010-3549", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0090", "CVE-2010-3554", "CVE-2010-0433", "CVE-2010-1436", "CVE-2010-2928", "CVE-2010-1173", "CVE-2010-0437", "CVE-2010-3864", "CVE-2010-0093", "CVE-2009-4308", "CVE-2008-0107", "CVE-2010-1088", "CVE-2009-1384", "CVE-2010-3567", "CVE-2010-3573", "CVE-2010-0003", "CVE-2010-1087", "CVE-2009-2902", "CVE-2010-3548", "CVE-2010-0843", "CVE-2010-3568", "CVE-2010-0084", "CVE-2010-0850", "CVE-2010-3569", "CVE-2009-3548"], "modified": "2019-12-18T00:00:00", "id": "OPENVAS:1361412562310103454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103454", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103454\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2009-3548\", \"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2010-2928\", \"CVE-2010-0734\", \"CVE-2010-1084\", \"CVE-2010-2066\", \"CVE-2010-2070\", \"CVE-2010-2226\", \"CVE-2010-2248\", \"CVE-2010-2521\", \"CVE-2010-2524\", \"CVE-2010-0008\", \"CVE-2010-0415\", \"CVE-2010-0437\", \"CVE-2009-4308\", \"CVE-2010-0003\", \"CVE-2010-0007\", \"CVE-2010-0307\", \"CVE-2010-1086\", \"CVE-2010-0410\", \"CVE-2010-0730\", \"CVE-2010-1085\", \"CVE-2010-0291\", \"CVE-2010-0622\", \"CVE-2010-1087\", \"CVE-2010-1173\", \"CVE-2010-1437\", \"CVE-2010-1088\", \"CVE-2010-1187\", \"CVE-2010-1436\", \"CVE-2010-1641\", \"CVE-2010-3081\", \"CVE-2010-2240\", \"CVE-2008-5416\", \"CVE-2008-0085\", \"CVE-2008-0086\", \"CVE-2008-0107\", \"CVE-2008-0106\", \"CVE-2010-0740\", \"CVE-2010-0433\", \"CVE-2010-3864\", \"CVE-2010-2939\", \"CVE-2009-3555\", \"CVE-2010-0082\", \"CVE-2010-0084\", \"CVE-2010-0085\", \"CVE-2010-0087\", \"CVE-2010-0088\", \"CVE-2010-0089\", \"CVE-2010-0090\", \"CVE-2010-0091\", \"CVE-2010-0092\", \"CVE-2010-0093\", \"CVE-2010-0094\", \"CVE-2010-0095\", \"CVE-2010-0837\", \"CVE-2010-0838\", \"CVE-2010-0839\", \"CVE-2010-0840\", \"CVE-2010-0841\", \"CVE-2010-0842\", \"CVE-2010-0843\", \"CVE-2010-0844\", \"CVE-2010-0845\", \"CVE-2010-0846\", \"CVE-2010-0847\", \"CVE-2010-0848\", \"CVE-2010-0849\", \"CVE-2010-0850\", \"CVE-2010-0886\", \"CVE-2010-3556\", \"CVE-2010-3566\", \"CVE-2010-3567\", \"CVE-2010-3550\", \"CVE-2010-3561\", \"CVE-2010-3573\", \"CVE-2010-3565\", \"CVE-2010-3568\", \"CVE-2010-3569\", \"CVE-2010-1321\", \"CVE-2010-3548\", \"CVE-2010-3551\", \"CVE-2010-3562\", \"CVE-2010-3571\", \"CVE-2010-3554\", \"CVE-2010-3559\", \"CVE-2010-3572\", \"CVE-2010-3553\", \"CVE-2010-3549\", \"CVE-2010-3557\", \"CVE-2010-3541\", \"CVE-2010-3574\", \"CVE-2008-3825\", \"CVE-2009-1384\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2019-12-18T11:13:08+0000\");\n script_name(\"VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 11:13:08 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2012-03-16 11:19:42 +0100 (Fri, 16 Mar 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2011-0003.2.\");\n\n script_tag(name:\"affected\", value:\"ESXi 4.1 without patch ESXi410-201101201-SG\n\n ESXi 4.0 without patch ESXi400-201103401-SG\n\n ESX 4.1 without patch ESX410-201101201-SG\n\n ESX 4.0 without patches ESX400-201103401-SG, ESX400-201103403-SG\");\n\n script_tag(name:\"insight\", value:\"a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter\n Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address\n multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database\n solutions need not update for these issues.\n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local\n users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter\n 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache\n Tomcat\n\n f. vCenter Server third party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n h. ESXi third party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n i. ESX third party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n j. ESX third party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if the target host is missing one or more patch(es).\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"vmware_esx.inc\");\n\nif(!get_kb_item(\"VMware/ESXi/LSC\"))\n exit(0);\n\nif(!esxVersion = get_kb_item(\"VMware/ESX/version\"))\n exit(0);\n\npatches = make_array(\"4.1.0\", \"ESXi410-201101201-SG\",\n \"4.0.0\", \"ESXi400-201103401-SG\");\n\nif(!patches[esxVersion])\n exit(99);\n\nif(report = esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:08:44", "description": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"", "cvss3": {}, "published": "2010-07-13T17:30:00", "type": "cve", "title": "CVE-2010-2227", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-03-25T11:32:00", "cpe": ["cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.18"], "id": "CVE-2010-2227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2227", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:48:53", "description": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.", "cvss3": {}, "published": "2010-04-23T14:30:00", "type": "cve", "title": "CVE-2010-1157", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2019-03-25T11:32:00", "cpe": ["cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.18"], "id": "CVE-2010-1157", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1157", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:36:34", "description": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta\ndoes not properly handle an invalid Transfer-Encoding header, which allows\nremote attackers to cause a denial of service (application outage) or\nobtain sensitive information via a crafted header that interferes with\n\"recycling of a buffer.\"\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2227>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=588813>\n", "cvss3": {}, "published": "2010-07-13T00:00:00", "type": "ubuntucve", "title": "CVE-2010-2227", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-07-13T00:00:00", "id": "UB:CVE-2010-2227", "href": "https://ubuntu.com/security/CVE-2010-2227", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T19:14:41", "description": "Several flaws in the handling of the 'Transfer-Encoding' header.", "edition": 2, "cvss3": {}, "published": "2010-07-13T00:00:00", "type": "securityvulns", "title": "Apache Tomcat DoS and information leak", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-07-13T00:00:00", "id": "SECURITYVULNS:VULN:10986", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10986", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information\r\n Disclosure Vulnerability\r\n\r\nSeverity: Important\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 5.5.0 to 5.5.29\r\nTomcat 6.0.0 to 6.0.27\r\nTomcat 7.0.0\r\n\r\nNote: 7.0.0 is still beta.\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\nDescription:\r\nSeveral flaws in the handling of the 'Transfer-Encoding' header were\r\nfound that prevented the recycling of a buffer. A remote attacker could\r\ntrigger this flaw which would cause subsequent requests to fail and/or\r\ninformation to leak between requests.\r\n\r\nMitigation:\r\n- - Tomcat 5.5.x users should upgrade to 5.5.30 or apply this patch:\r\n http://svn.apache.org/viewvc?view=revision&revision=959428\r\n- - Tomcat 6.0.x users should upgrade to 6.0.28 or apply this patch:\r\n http://svn.apache.org/viewvc?view=revision&revision=958977\r\n- - Tomcat 7.0.x users should upgrade to 7.0.1 when released or apply this\r\npatch:\r\n http://svn.apache.org/viewvc?view=revision&revision=958911\r\n\r\n- - All users may mitigate this flaw by running Tomcat behind a reverse\r\nproxy (such as Apache httpd 2.2) that rejects invalid values for\r\nTransfer-Encoding.\r\n\r\nCredit:\r\nThis issue was discovered by Steve Jones\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n\r\nThe Apache Tomcat Security Team\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJMN07EAAoJEBDAHFovYFnn8U4P/2wJuP+JYoqeIpPJwK7stqfd\r\njKO01S999v9lnYpIfPXEaFgGXTedo7BYo4X+OTuR7OLiAR6DVa1PhVzDd4bzoeW3\r\nsY9zbOiXEvM6Ps5eVPJuR9P4YVs8O6qeLA8UKWV28KIFX/N4hZ5KAAJTSdlP0DuB\r\n2dLB8cWtldTJrYmLVXbG//1j4S/k/PfHU/+MpZRIs8GWUPOpCxrWyvg+rTQN2zWP\r\niKsUzEEfXyoeHJmD/KM7OTbxfmL0HsUgeHPUBi4A6zPZt6e8614MZcr9FuwK4BBt\r\n+8lCrZhP9XgxbTqp2qMRtF49ObK2gWVav3o2uruaK6NDvGLrAjgvV+mCxKVx6yjl\r\ni9kL1K8S1FIO2eqTdVrQulega2NatYJxyG2ofDsb92+6mio/vLYKBxtI4bworQli\r\nVf/EWmYCuueKrZzde6k+HWhy9cR8JFdws/EGZ5UUaMiVB5Rvk5jPHwBgJDUdnSqC\r\n75HEQBTsowsVKLGuHSnIjkg4B0IiAT6COsOsTfXsUSUn8f95a40GTynE70xvL0Ii\r\n17wr2aK3fC8z9XG3Grbx1s4KiIW41iPBDSh9I7WWSQ+hhq+VHsBKJoubQsWW4qVb\r\nsRuMx6kHTRq1DqEiTtAQFdMiE1oyDNB1ro99j44LH4azJvi5hS5S5R5QOyt9PshE\r\nx6KDdVdqZF3+d64YwjtE\r\n=KHN9\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2010-07-13T00:00:00", "type": "securityvulns", "title": "[SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-07-13T00:00:00", "id": "SECURITYVULNS:DOC:24207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24207", "sourceData": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:14:42", "description": "Internal computer name and port may be used as a realm name for HTTP basic authentication.", "edition": 2, "cvss3": {}, "published": "2010-04-23T00:00:00", "type": "securityvulns", "title": "Apache Tomcat information leak", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-23T00:00:00", "id": "SECURITYVULNS:VULN:10784", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10784", "sourceData": "", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:34", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 6.0.0 to 6.0.26\r\n- - Tomcat 5.5.0 to 5.5.29\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\nDescription:\r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication\r\nincludes a realm name. If a <realm-name> element is specified for the\r\napplication in web.xml it will be used. However, a <realm-name> is not\r\nspecified then Tomcat will generate one using the code snippet:\r\nrequest.getServerName() + ":" + request.getServerPort()\r\nIn some circumstances this can expose the local hostname or IP address\r\nof the machine running Tomcat.\r\n\r\nExample:\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\nServer: Apache-Coyote/1.1\r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 954\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\nConnection: close\r\n\r\nMitigation:\r\nAdministrators of web applications that use BASIC or DIGEST\r\nauthentication are recommended to set an appropriate realm name in the\r\nweb application's web.xml file.\r\nAlternatively, the following patches may be used to change the default\r\nrealm to "Authentication required" (without the quotes):\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\nCredit:\r\nThis issue was discovered by Deniz Cevik.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n\r\nThe Apache Tomcat Security Team\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJLz3o5AAoJEBDAHFovYFnn7NgP/jyjnqK98FfruhzL0eB/b748\r\n7EYP8k//kbmq8SIYyDkHkmlGfDNE+epxLudgSLbwg8QJdNG50JHwjTzAcclPCyu6\r\njx3NuJVKxn8KloD3rmxhrIItLG/yQ50JP3tnNO3xC4pS4j8dzdrTS2lFPXxcna6e\r\no9rMUwPLTEsLvNhd93sUIpdXuLhG9TP7dOeAD737ybvmRcz612igGyyT3hVUeGsK\r\nTvJ+uzZTLJi+Wz0UMRdseqsgp1OW2DeMyao67bPaUrbX9EfLA+yUfXV6TRByT4C5\r\nS5BB3mTz8WBgWkscCmKB0mqmtiPfv7PxlRDfMyPAkFhezPAnL5UD4fSZ3Aes8rTO\r\nIF6CM/lWXm+eMECVwuIh7RdiPJtpe/1ZTQ2EtAQ/JZOIoDX2sKNF92opGeNiZPp9\r\nP78tfksI23tLNJeDcJmL1a2L1yP8pcvAnd6AhYwZPc+LoZBKOsqEMMDU9CmbT3LY\r\n2Fyn8h5yV9Fql9TR9J87aB9BDcQ5vqtdJ17qO20ur54SockI/oNi45tpDf76sJQB\r\n0iOVY1MDu9J4c3xvtmWrdsAZF8VFDhW8nXdKOATh2cVQg/P4aELW2eyGUbiL5hLZ\r\nEWgiZRQWm815MqEwikbztMON4OipensBx1wNuKvj2VKs3VK8tkSuXigViOCTYo+c\r\nmm73gFAt6VWTF5sbfTuA\r\n=mtgX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2010-04-23T00:00:00", "title": "[SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-23T00:00:00", "id": "SECURITYVULNS:DOC:23687", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23687", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall's debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS' handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS'\r\nhandling of Type 1 fonts. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork's handling\r\nof cookie policies. Safari's cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the "Continue" button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user's behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol (XMPP). jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser's password\r\nDescription: A logic error in the kernel's DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user's\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel's handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user's password data\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account's password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType's handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the '_unknown' user from browsing the share point but not\r\nguests (user 'nobody'). This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server's resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\r\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\r\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\r\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\r\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\r\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\r\n=gsvn\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2011-10-16T00:00:00", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27155", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:07", "description": "Multiple vulnerabilities in different system components.", "edition": 2, "cvss3": {}, "published": "2011-10-24T00:00:00", "type": "securityvulns", "title": "Apple OS X multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {}, "published": "2010-11-01T20:57:28", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: tomcat6-6.0.26-11.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-11-01T20:57:28", "id": "FEDORA:8D209110894", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CKMHZEEDAPGWI7Z6PZ6XJZFIGBU6UW7M/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {}, "published": "2010-11-14T21:34:08", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: tomcat6-6.0.26-14.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-11-14T21:34:08", "id": "FEDORA:C1251110652", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L57NNSVDR3C3DJLNPH3TU4AI6LRIXTIK/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {}, "published": "2010-11-01T20:55:02", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: tomcat6-6.0.26-3.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2010-2227"], "modified": "2010-11-01T20:55:02", "id": "FEDORA:6A09010FBB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UVLVKAZLXYNLS5GH6UWJCHPOXOTBKR72/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "myhack58": [{"lastseen": "2016-11-14T18:16:28", "edition": 2, "description": "The present article is an analysis of the POC process, the pressure of the N months, and now before the issue. Using the analysis of POC, Tomcat in addition to the latest version(see the specific website), and JBOSS in addition to the latest version, can fight, POC see the article. JBOSS official has secretly released a new version, including bug fixes, but no release announcement. \n\nThis vulnerability is really enough cruel! Only need one data packet, directly killed! See Figure, the console information. \n\nAlthough the official didn't give out the POC, but through simple analysis, we can get out! \n\n(Below is the TOMCAT attack proof) \n! [](/Article/UploadPic/2010-11/20101123101149970.jpg)\n\nSimple analysis: \n\nI see the official patch is such a fight. \n\nhttp://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?r1=952026&r2=9 5 8 9 7 7&pathrev=9 5 8 9 7 7&diff_format=h \n\n\n! [](/Article/UploadPic/2010-11/20101123101150518.jpg)\n\nThis sentence should read.\n\n! [](/Article/UploadPic/2010-11/20101123101150937.jpg)\n\npluggableFilterIndex the value of\n\n! [](/Article/UploadPic/2010-11/20101123101150502.jpg)\n\nint type maximum value, and an int will never be greater than int type maximum value, so to say, official patch, never want the program to go into here. \n\nThen look at another file \n\nhttp://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/BufferedInputFilter.java?r1=533164&r2=9 5 8 9 7 7&pathrev=9 5 8 9 7 7&diff_format=h \n\nAdded \n\nif (buffered != null) { \n\nJudgment. \n\n\nThat is, as long as we send a data packet, allowing the program flow normal to go to here. And buffered is null, you can trigger the vulnerability, it just hung up! \n\nTo continue the forward analysis with a few debug, it is easy to locate as long as two conditions are met, you can go here: \n\n1, http, head transfer-encoding: buffered \n\n2, using HTTP/1.1 Protocol \n\nPOC \n\nSo just a tomcat, the non-the latest version of can be, after Contracting(POC), which are head-head: \n\n\n! [](/Article/UploadPic/2010-11/20101123101150672.jpg)\n\nAfter my test, swap the two tomcat6. X version, are all directly hang off! \n\nWe see the following exception information(This is the JBOSS explosion): \n\n\n! [](/Article/UploadPic/2010-11/20101123101150846.jpg)\n\nIs org. apache. coyote. http11. filters. BufferedInputFilter the exception. \n\nAfter I later test found that JBOSS also the existence of this vulnerability, the reason is that JBOSS also uses this package, it is the core of this is the tomcat! Hit a JBOSS, and sometimes also will cause JBOSS to restart, if the first packet is not killed, it is constantly sent dozens of packages, look back, already dead, the effect is very obvious! \n\nThe official recommended use: \n\napache-tomcat-6.0.28 after my test, is not affected. \n\napache-tomcat-5.5.30 after my test, is not affected. \n\nThe official description of the vulnerability mentioned, saying that if the front end using the apache proxy, it will not be a problem, the principle is that apache encounters this header directly is intercepted, then return an error. \n\n\nBut this may not be absolutely safe, if you have apache and tomcat for some character meanings, understanding of the inconsistencies, or the intermediate layer have the character filter mod or the like, may be bypassed. This is purely YY. \n\nI've tested the version: \n\napache-tomcat-5.5.29 after my test, a dozen hung! \n\napache-tomcat-6.0.26 after my test, hit the like did not hang, but the message is abnormal, after all the normal access, the message console is the exception, I believe it is also insist on not how long, the rotation playing it will hang. \n\nTomcat a 6. x and a 5. x version, is also directly linked to, I forget the version number. If your embedded system has installed the tomcat service, you own it. \n\njboss-6.0.0.20100429-M3 a dozen hung, constantly playing, it will restart! \n\n\nSpecific phenomenon: \n\nThe first is not accessible, then tomcat does not know from where did you get the file, directly. \n\nEach refresh will change the member content, no matter how the display, not the normal page that should be a buffer hang! \n\nThe following figure should be a htm, but I accessed directly, without seeing the source code, that is such a page. \n\n\n! [](/Article/UploadPic/2010-11/20101123101151992.jpg)\n\nPatch and Description and the solution will not say, see the official announcement. \n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 \n\nhttp://tomcat.apache.org/security-6.html \n\nJBOSS sneak up on the patch version: \n\nhttp://repository.jboss.org/jboss/web/2.0.0.GA_CP14-brew/src/ \n\n", "cvss3": {}, "published": "2010-11-23T00:00:00", "type": "myhack58", "title": "Tomcat remote denial of service vulnerability analysis(CVE-2 0 1 0-2 2 2 7)-vulnerability warning-the black bar safety net", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-11-23T00:00:00", "id": "MYHACK58:62201028404", "href": "http://www.myhack58.com/Article/html/3/62/2010/28404.htm", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:40:16", "description": "## Releases\n\n * Ubuntu 10.04 \n * Ubuntu 9.10 \n * Ubuntu 9.04 \n\n## Packages\n\n * tomcat6 \\- \n\nIt was discovered that Tomcat incorrectly handled invalid Transfer-Encoding \nheaders. A remote attacker could send specially crafted requests containing \ninvalid headers to the server and cause a denial of service, or possibly \nobtain sensitive information from other requests.\n", "cvss3": {}, "published": "2010-08-25T00:00:00", "type": "ubuntu", "title": "Tomcat vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-08-25T00:00:00", "id": "USN-976-1", "href": "https://ubuntu.com/security/notices/USN-976-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T14:00:52", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-68397", "id": "SSV:68397", "sourceData": "\n CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n\r\n- - Tomcat 6.0.0 to 6.0.26\r\n\r\n- - Tomcat 5.5.0 to 5.5.29\r\n\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\n\r\nDescription:\r\n\r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n\r\nrequest.getServerName() + ":" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n\r\nExample:\r\n\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\n\r\nServer: Apache-Coyote/1.1\r\n\r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\n\r\nContent-Type: text/html;charset=utf-8\r\n\r\nContent-Length: 954\r\n\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n\r\nConnection: close\r\n\r\n\r\nMitigation:\r\n\r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n\r\nAlternatively, the following patches may be used to change the default realm\r\nto "Authentication required" (without the quotes):\r\n\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\n\r\nCredit:\r\n\r\nThis issue was discovered by Deniz Cevik.\r\n\r\n\r\nReferences:\r\n\r\nhttp://tomcat.apache.org/security.html\r\n\r\nhttp://tomcat.apache.org/security-6.html\r\n\r\nhttp://tomcat.apache.org/security-5.html\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-68397", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T18:12:31", "description": "No description provided by source.", "cvss3": {}, "published": "2010-04-23T00:00:00", "type": "seebug", "title": "Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19493", "id": "SSV:19493", "sourceData": "\n CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n \r\nSeverity: Low\r\n \r\nVendor: The Apache Software Foundation\r\n \r\nVersions Affected:\r\n \r\n- - Tomcat 6.0.0 to 6.0.26\r\n \r\n- - Tomcat 5.5.0 to 5.5.29\r\n \r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n \r\n \r\nDescription:\r\n \r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n \r\nrequest.getServerName() + ":" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n \r\nExample:\r\n \r\nGET /application/j_security_check HTTP/1.0\r\n \r\n \r\nHTTP/1.1 401 Unauthorized\r\n \r\nServer: Apache-Coyote/1.1\r\n \r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\n \r\nContent-Type: text/html;charset=utf-8\r\n \r\nContent-Length: 954\r\n \r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n \r\nConnection: close\r\n \r\n \r\nMitigation:\r\n \r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n \r\nAlternatively, the following patches may be used to change the default realm\r\nto "Authentication required" (without the quotes):\r\n \r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n \r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n \r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n \r\nCredit:\r\n \r\nThis issue was discovered by Deniz Cevik.\r\n \r\n \r\nReferences:\r\n \r\nhttp://tomcat.apache.org/security.html\r\n \r\nhttp://tomcat.apache.org/security-6.html\r\n \r\nhttp://tomcat.apache.org/security-5.html\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19493", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T18:16:58", "description": "BUGTRAQ ID: 39635\r\nCVE ID: CVE-2010-1157\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nBASIC\u548cDIGEST\u8ba4\u8bc1\u7684WWW-Authenticate\u5934\u5305\u542b\u6709\u533a\u57df\u540d\u3002\u5982\u679cweb.xml\u4e2d\u5bf9\u5e94\u7528\u6307\u5b9a\u4e86<realm- name>\u5143\u7d20\uff0c\u5c31\u4f1a\u4f7f\u7528\u6307\u5b9a\u7684\u533a\u57df\u540d\uff0c\u5426\u5219Tomcat\u5c31\u4f1a\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u6bb5\u751f\u6210\u4e00\u4e2a\u533a\u57df\u540d\uff1a\r\n \r\nrequest.getServerName() + ":" + request.getServerPort()\r\n\r\n\u5728\u67d0\u4e9b\u73af\u5883\u4e2d\u8fd9\u53ef\u80fd\u4f1a\u66b4\u9732\u8fd0\u884cTomcat\u673a\u5668\u7684\u672c\u5730\u4e3b\u673a\u540d\u6216IP\u5730\u5740\u3002\n\nApache Group Tomcat 6.0.x\r\nApache Group Tomcat 5.5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://svn.apache.org/viewvc?view=rev&rev=936540 \r\nhttp://svn.apache.org/viewvc?view=rev&rev=936541", "cvss3": {}, "published": "2010-04-26T00:00:00", "title": "Apache Tomcat\u8ba4\u8bc1\u5934\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19510", "id": "SSV:19510", "sourceData": "\n HTTP/1.1 401 Unauthorized\r\nServer: Apache-Coyote/1.1 \r\nWWW-Authenticate: Basic realm="tomcat01:8080" \r\nContent-Type: text/html;charset=utf-8 \r\nContent-Length: 954 \r\nDate: Thu, 31 Dec 2009 12:18:11 GMT \r\nConnection: close\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19510", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osv": [{"lastseen": "2022-06-17T23:02:05", "description": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.", "edition": 1, "cvss3": {}, "published": "2022-05-02T06:19:37", "type": "osv", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2022-06-17T22:33:12", "id": "OSV:GHSA-W6Q7-WW2X-7GM3", "href": "https://osv.dev/vulnerability/GHSA-w6q7-ww2x-7gm3", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T07:07:57", "description": "\nVarious vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found on the [Apache\nTomcat 5 vulnerabilities page](http://tomcat.apache.org/security-5.html).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\n\nWe recommend that you upgrade your tomcat5.5 packages.\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2011-03-30T00:00:00", "type": "osv", "title": "tomcat5.5 - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2022-08-10T07:07:50", "id": "OSV:DSA-2207-1", "href": "https://osv.dev/vulnerability/DSA-2207-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure", "edition": 2, "cvss3": {}, "published": "2010-04-22T00:00:00", "title": "Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-22T00:00:00", "id": "EXPLOITPACK:B817C3837AAE1BBA6FEB9BABE212CE90", "href": "", "sourceData": "CVE-2010-1157: Apache Tomcat information disclosure vulnerability\n\nSeverity: Low\n\nVendor: The Apache Software Foundation\n\nVersions Affected:\n\n- - Tomcat 6.0.0 to 6.0.26\n\n- - Tomcat 5.5.0 to 5.5.29\n\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\naffected.\n\n\nDescription:\n\nThe \"WWW-Authenticate\" header for BASIC and DIGEST authentication includes a\nrealm name. If a <realm-name> element is specified for the application in\nweb.xml it will be used. However, a <realm-name> is not specified then\nTomcat will generate one using the code snippet:\n\nrequest.getServerName() + \":\" + request.getServerPort() In some\ncircumstances this can expose the local hostname or IP address of the\nmachine running Tomcat.\n\nExample:\n\nGET /application/j_security_check HTTP/1.0\n\n\nHTTP/1.1 401 Unauthorized\n\nServer: Apache-Coyote/1.1\n\nWWW-Authenticate: Basic realm=\"tomcat01:8080\"\n\nContent-Type: text/html;charset=utf-8\n\nContent-Length: 954\n\nDate: Thu, 31 Dec 2009 12:18:11 GMT\n\nConnection: close\n\n\nMitigation:\n\nAdministrators of web applications that use BASIC or DIGEST authentication\nare recommended to set an appropriate realm name in the web application's\nweb.xml file.\n\nAlternatively, the following patches may be used to change the default realm\nto \"Authentication required\" (without the quotes):\n\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\n\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\n\nThese patches will be included in the next releases of Tomcat 5.5.x and\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\nTomcat 6.0.x releases.\n\n\nCredit:\n\nThis issue was discovered by Deniz Cevik.\n\n\nReferences:\n\nhttp://tomcat.apache.org/security.html\n\nhttp://tomcat.apache.org/security-6.html\n\nhttp://tomcat.apache.org/security-5.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nThe Apache software foundation reports:\n\nThe \"WWW-Authenticate\" header for BASIC and DIGEST\n\t authentication includes a realm name. If a <realm-name>\n\t element is specified for the application in web.xml it\n\t will be used. However, a <realm-name> is not\n\t specified then Tomcat will generate one.\nIn some circumstances this can expose the local\n\t hostname or IP address of the machine running Tomcat.\n\n\n", "cvss3": {}, "published": "2010-04-22T00:00:00", "type": "freebsd", "title": "tomcat -- information disclosure vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2010-04-22T00:00:00", "id": "3383E706-4FC3-11DF-83FB-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2023-01-27T05:07:00", "description": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.", "cvss3": {}, "published": "2022-05-02T06:19:37", "type": "github", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2023-01-27T05:02:03", "id": "GHSA-W6Q7-WW2X-7GM3", "href": "https://github.com/advisories/GHSA-w6q7-ww2x-7gm3", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2022-08-16T04:59:09", "description": "", "cvss3": {}, "published": "2010-04-22T00:00:00", "type": "exploitdb", "title": "Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure", "bulletinFamily": "exploit", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["2010-1157", "CVE-2010-1157"], "modified": "2010-04-22T00:00:00", "id": "EDB-ID:12343", "href": "https://www.exploit-db.com/exploits/12343", "sourceData": "CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n\r\n- - Tomcat 6.0.0 to 6.0.26\r\n\r\n- - Tomcat 5.5.0 to 5.5.29\r\n\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\n\r\nDescription:\r\n\r\nThe \"WWW-Authenticate\" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n\r\nrequest.getServerName() + \":\" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n\r\nExample:\r\n\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\n\r\nServer: Apache-Coyote/1.1\r\n\r\nWWW-Authenticate: Basic realm=\"tomcat01:8080\"\r\n\r\nContent-Type: text/html;charset=utf-8\r\n\r\nContent-Length: 954\r\n\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n\r\nConnection: close\r\n\r\n\r\nMitigation:\r\n\r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n\r\nAlternatively, the following patches may be used to change the default realm\r\nto \"Authentication required\" (without the quotes):\r\n\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\n\r\nCredit:\r\n\r\nThis issue was discovered by Deniz Cevik.\r\n\r\n\r\nReferences:\r\n\r\nhttp://tomcat.apache.org/security.html\r\n\r\nhttp://tomcat.apache.org/security-6.html\r\n\r\nhttp://tomcat.apache.org/security-5.html", "sourceHref": "https://www.exploit-db.com/download/12343", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-10-22T00:24:43", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2207-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat5.5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227\n\nVarious vulnerabilities have been discovered in the Tomcat Servlet and \nJSP engine, resulting in denial of service, cross-site scripting, \ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at \nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2011-03-29T22:35:34", "type": "debian", "title": "[SECURITY] [DSA 2207-1] tomcat5.5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2011-03-29T22:35:34", "id": "DEBIAN:DSA-2207-1:6DF41", "href": "https://lists.debian.org/debian-security-announce/2011/msg00075.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:16", "description": "[0:5.5.23-0jpp.9]\n- Resolves: rhbz#619424 fixed servlet-api typo. serve4-api to servlet-api\n- RHSA-2010:9748\n[0:5.5.23-0jpp.8]\n- Patches backported from RHEL-5 tomcat5-5.5.23-0jpp.10.el5\n- Updated init script for LSB compliance, catalina.log permissions\n- Resolves: CVE-2009-2693, CVE-2009-2902, CVE-2010-2227\n- CVE_2010-0781 ", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "oraclelinux", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2010-08-02T00:00:00", "id": "ELSA-2010-0580", "href": "http://linux.oracle.com/errata/ELSA-2010-0580.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:48:17", "description": "**CentOS Errata and Security Advisory** CESA-2010:0580\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\nstated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\nin the examples calendar application. With some web browsers, remote\nattackers could use this flaw to inject arbitrary web script or HTML via\nthe \"time\" parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/066333.html\nhttps://lists.centos.org/pipermail/centos-announce/2010-August/066334.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2010:0580", "cvss3": {}, "published": "2010-08-03T00:39:04", "type": "centos", "title": "tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2010-08-03T00:39:04", "id": "CESA-2010:0580", "href": "https://lists.centos.org/pipermail/centos-announce/2010-August/066333.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:44", "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 4.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.4}, "published": "2012-06-24T00:00:00", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2016-03-20T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-10-01T01:49:46", "description": "## Summary\n\nIBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from Apache Log4j, please see list of CVEs for vulnerability details\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-5645](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an error when using the TCP socket server or UDP socket server to receive serialized log events from another application. By deserializing a specially crafted binary payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/127479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127479>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-9488](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180824](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180824>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17571](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error related to the generation of a realm name when one isn't specified for a web.xml application. A remote attacker could exploit this vulnerability using the WWW-Authenticate header to obtain the IP address or local hostname of the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/58055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/58055>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by multiple flaws when handling Transfer-Encoding headers that prevents a buffer from recycling. By sending a specially-crafted request in a Transfer-Encoding header, a remote attacker could exploit this vulnerability to trigger the failure of subsequent requests or information leaks between the requests. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/60264](<https://exchange.xforce.ibmcloud.com/vulnerabilities/60264>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2010-4172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sessionsList.jsp script. A remote attacker could exploit this vulnerability using the sort or orderby parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63422>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-4312](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by a missing HttpOnly mechanism flag in a Set-Cookie header. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/63477](<https://exchange.xforce.ibmcloud.com/vulnerabilities/63477>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the ServletContect attribute being improperly restricted to read-only setting. An attacker could exploit this vulnerability to gain unauthorized read and write access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65159](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65159>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-0534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error in the NIO connector when processing a request line. By sending a specially-crafted request, a remote attacker could exploit the vulnerability to cause an OutOfMemory error and crash the server. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65162>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-0013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by when displaying web application data. A remote attacker could exploit this vulnerability using the HTML Manager interface to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/65160](<https://exchange.xforce.ibmcloud.com/vulnerabilities/65160>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-2526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper validation of request attributes by sendfile. A remote attacker could exploit this vulnerability to obtain sensitive information and cause the JVM to crash. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/68541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/68541>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P) \n \n** CVEID: **[CVE-2011-3190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the improper handling of messages by the AJP protocol. A remote attacker could exploit this vulnerability to inject arbitrary AJP messages to bypass the authentication process and possibly obtain sensitive information. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/69472](<https://exchange.xforce.ibmcloud.com/vulnerabilities/69472>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2011-4858](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72016](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72016>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-1184](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by multiple errors related to the implementation of HTTP DIGEST authentication. A remote attacker could exploit this vulnerability to perform unauthorized actions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/70052](<https://exchange.xforce.ibmcloud.com/vulnerabilities/70052>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-5063](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check realm values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72437>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-2733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper verification of the request headers by the parseHeaders() function. A remote attacker could exploit this vulnerability using specially-crafted headers to cause an out-of-memory exception. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79806](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79806>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5064](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of Catalina as the hard-coded private key by DigestAuthenticator.java within the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass cryptographic protection mechanisms. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72438>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an overly large number of parameter and parameter values. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to consume an overly large amount of CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72425>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2011-5062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to check qop values by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass intended integrity-protection requirements. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/72436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/72436>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2012-5885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the tracking of cnonce values instead of nonce and nc values by the replay-countermeasure functionality in the HTTP Digest Access Authentication implementation. By sniffing the network, a remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80408](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80408>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5886](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the caching of information about the authenticated user within the session state by the HTTP Digest Access Authentication implementation. A remote attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80407>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5887](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly check server nonces by the DIGEST authentication mechanism. A remote attacker could exploit this vulnerability to gain unauthorized access to the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79809>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-3546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the FormAuthenticator component during FORM authentication. By leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI, an attacker could exploit his vulnerability to bypass the authentication mechanism and gain unauthorized access to the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80517>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4431](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in the doFilter() method. By sending a specially-crafted request to a protected source without a session identifier present in the request, an attacker could exploit this vulnerability to bypass the CSRF prevention filter and gain unauthorized access to the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80518](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80518>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-4534](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when using the NIO connector with sendfile and HTTPS enabled. A remote attacker could exploit this vulnerability to cause the application to enter an infinite loop and consume all available CPU resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/80516](<https://exchange.xforce.ibmcloud.com/vulnerabilities/80516>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2012-3544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by the failure to properly handle chunk extensions in chunked transfer coding. By streaming data, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84952>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-2067](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the improper validation of session cookies by the FormAuthenticator module. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to hijack another user's session and possibly launch further attacks on the system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/84154](<https://exchange.xforce.ibmcloud.com/vulnerabilities/84154>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-2185](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2185>) \n** DESCRIPTION: **Red Hat JBoss Enterprise Application Platform could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the implementation of the DiskFileItem class. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability using serialized instance of the DiskFileItem class to upload a file containing a NULL byte, which could allow the attacker to execute arbitrary PHP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/87273](<https://exchange.xforce.ibmcloud.com/vulnerabilities/87273>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2013-4286](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by an incomplete fix related to the handling of malicious request. By sending a specially-crafted request in a Transfer-Encoding: chunked header and a Content-length header to the Apache HTTP server that will be reassembled with the original Content-Length header value, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91426](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91426>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2013-4322](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91625](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91625>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2013-4590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/91424](<https://exchange.xforce.ibmcloud.com/vulnerabilities/91424>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0075](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an integer overflow in the parseChunkHeader function. A remote attacker could exploit this vulnerability using a malformed chunk size as part of a chunked request to consume all available resources. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-0096](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93367](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0099](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93369](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2014-0119](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/93368](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2013-4444](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4444>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system. \nCVSS Base score: 6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95876>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n** CVEID: **[CVE-2014-0227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/100751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100751>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-0230](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by an error when an HTTP response is returned before the entire request body is fully read. An attacker could exploit this vulnerability using a series of aborted upload attempts to cause a denial of service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/102131](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102131>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-7810](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/103155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103155>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5174](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2015-5345](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0706](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0714](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/110856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2016-6816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/119158](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2017-5647](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/124400](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-0762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118407](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-5018](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2016-6794](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2016-6796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796>) \n** DESCRIPTION: **Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/118404](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-8022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8022>) \n** DESCRIPTION: **tomcat package for openSUSE could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permission flaw. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184110](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184110>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| APAR(s)| Version(s) \n---|---|--- \nIBM Sterling B2B Integrator| IT37848| 5.2.0.0 - 6.0.3.4 \nIBM Sterling B2B Integrator| IT37848| 6.1.0.0 - 6.1.0.3 \n \n\n\n## Remediation/Fixes\n\nProduct & Version| Remediation & Fix \n---|--- \n5.2.0.0 - 6.0.3.4| Apply IBM Sterling B2B Integrator version 6.0.3.5 or 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n6.1.0.0 - 6.1.0.3| Apply IBM Sterling B2B Integrator version 6.1.1.0 on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n1st Oct 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS3JSW\",\"label\":\"Sterling B2B Integrator\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"5.2.0.0 - 6.1.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-06T14:56:49", "type": "ibm", "title": "Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1184", "CVE-2011-2526", "CVE-2011-3190", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022", "CVE-2012-2733", "CVE-2012-3544", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887", "CVE-2013-2067", "CVE-2013-2185", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4444", "CVE-2013-4590", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6816", "CVE-2017-5645", "CVE-2017-5647", "CVE-2019-17571", "CVE-2020-8022", "CVE-2020-9488"], "modified": "2021-10-06T14:56:49", "id": "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "href": "https://www.ibm.com/support/pages/node/6496741", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}

Apache Tomcat 6.0.x &lt; 6.0.28 Multiple Vulnerabilities

Description

Related

Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities