Versions of Tomcat 5.x earlier than 5.5.30 are potentially affected by multiple vulnerabilities:
- The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentication may expose the local host name or IP address of the machine running Tomcat. (CVE-2010-1157)
- Several flaws in the handling of the 'Transfer-Encoding' header could prevent the recycling of a buffer. (CVE-2010-2227)
- When running under a SecurityManager, it is possible for web applications to be granted read/write permissions to any area on the file system. (CVE-2010-3718)
{"nessus": [{"lastseen": "2023-01-11T15:14:36", "description": "According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. A remote attacker may be able to modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the 'Transfer-Encoding' header of a client request. This error affects buffer recycling and may lead to the disclosure of sensitive information or allow a denial of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>' element in a web application's web.xml file. If the element is missing from the web.xml file and the application is using BASIC or DIGEST authentication, Tomcat will include the server's hostname or IP address in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has relied on the version in Tomcat's banner or error page so this may be a false positive.", "cvss3": {}, "published": "2010-07-16T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.30", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", 
"CVE-2010-2227", "CVE-2010-3718"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_TRANSFER_ENCODING.NASL", "href": "https://www.tenable.com/plugins/nessus/47749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47749);\n script_version(\"1.36\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\");\n script_bugtraq_id(39635, 41544, 46177);\n script_xref(name:\"SECUNIA\", value:\"39574\");\n script_xref(name:\"SECUNIA\", value:\"43198\");\n\n script_name(english:\"Apache Tomcat 5.5.x < 5.5.30\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 5.5.x prior to 5.5.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute which holds the location of the work\n directory in Tomcat's SecurityManager. A remote attacker\n may be able to modify the location of the working\n directory which then allows improper read and write\n access to arbitrary files and directories in the context\n of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the\n 'Transfer-Encoding' header of a client request. This\n error affects buffer recycling and may lead to the\n disclosure of sensitive information or allow a denial\n of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>'\n element in a web application's web.xml file. 
If the\n element is missing from the web.xml file and the\n application is using BASIC or DIGEST authentication,\n Tomcat will include the server's hostname or IP address\n in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has\nrelied on the version in Tomcat's banner or error page so this may be\na false positive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n # http://old.nabble.com/How-to-reproduce-tomcat-security-vulnerabilities-td29775490.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?809a4670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2011/Feb/74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tomcat version 5.5.30 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.30\", min:\"5.5.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:39", "description": "According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities:\n\n - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. A remote attacker may be able to modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the 'Transfer-Encoding' header of a client request. This error affects buffer recycling and may lead to the disclosure of sensitive information or allow a denial of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>' element in a web application's web.xml file. If the element is missing from the web.xml file and the application is using BASIC or DIGEST authentication, Tomcat will include the server's hostname or IP address in the 'WWW-Authenticate' header of the response. 
(CVE-2010-1157)\n\nNote that Nessus Network Monitor did not actually test for the flaws but instead has relied on the version in Tomcat's banner or error page so this may be a false positive.", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5786.PASL", "href": "https://www.tenable.com/plugins/nnm/5786", "sourceData": "Binary data 5786.pasl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:28", "description": "Versions of Tomcat 6.x earlier than 6.0.28 are potentially affected by multiple vulnerabilities : \n\n - The 'WWW-Authenticate' HTTP header for BASIC and DIGEST authentication could potentially expose the local host name or IP adddress of the machine running Tomcat. (CVE-2010-1157)\n\n - Several flaws in handling of the 'Transfer-Encoding' header exist that could prevent the recycling of a buffer. 
(CVE-2010-2227)", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2011-02-11T00:00:00", "cpe": [], "id": "800595.PRM", "href": "https://www.tenable.com/plugins/lce/800595", "sourceData": "Binary data 800595.prm", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:41", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", 
"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49259);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:33", "description": "This update of tomcat 
fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49258);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n 
script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-admin-webapps-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-docs-webapp-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-javadoc-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-jsp-2_1-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-lib-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-servlet-2_5-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-webapps-6.0.18-16.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:05", "description": "An updated jbossweb package that fixes two security issues is now available for JBoss Enterprise Application Platform 4.2 and 4.3 for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies, Microsoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent JBoss Web from sending replies, or cause JBoss Web to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and JBoss Web was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the JBoss Web server. 
(CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which upgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : jbossweb (RHSA-2010:0584)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossweb", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0584.NASL", "href": "https://www.tenable.com/plugins/nessus/63942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0584. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63942);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(39635, 41544);\n script_xref(name:\"RHSA\", value:\"2010:0584\");\n\n script_name(english:\"RHEL 4 / 5 : jbossweb (RHSA-2010:0584)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jbossweb package that fixes two security issues is now\navailable for JBoss Enterprise Application Platform 4.2 and 4.3 for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies,\nMicrosoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent JBoss Web from sending replies, or cause JBoss Web to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web\ngenerated HTTP BASIC and DIGEST authentication requests. 
For\nconfigurations where a realm name was not specified and JBoss Web was\naccessed via a proxy, the default generated realm contained the\nhostname and port used by the proxy to send requests to the JBoss Web\nserver. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which\nupgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0584\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:22:49", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)", "cvss3": {}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7099.NASL", "href": "https://www.tenable.com/plugins/nessus/49930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49930);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The 
host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:32", "description": "This update of tomcat fixes a denial of service vulnerability and two information disclosure flaws which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)", "cvss3": {}, "published": "2010-09-16T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12625)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], 
"id": "SUSE9_12625.NASL", "href": "https://www.tenable.com/plugins/nessus/49255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49255);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes a denial of service vulnerability and two\ninformation disclosure flaws which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12625.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.27\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:31", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. 
It is, therefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies. (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5788.PASL", "href": "https://www.tenable.com/plugins/nnm/5788", "sourceData": "Binary data 5788.pasl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-18T14:32:17", "description": "This update of tomcat fixes denial of service and information disclosure vulnerabilities which could potentially be exploited by remote attackers to crash tomcat or to obtain sensitive information (CVE-2010-2227, CVE-2010-1157).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 
(openSUSE-SU-2010:0616-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/75759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75759);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / 
tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:23", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0 listening on the remote host is prior to 6.0.28. It is, therefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST authentication and the 'realm-name' attribute is not configured in that web app's 'web.xml' file, the remote server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in the 'Transfer-Encoding' header of a request. An attacker can exploit this to cause a denial of service or to disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2010-08-05T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/48255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48255);\n 
script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"SECUNIA\", value:\"39574\");\n\n script_name(english:\"Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to 6.0.28. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST\n authentication and the 'realm-name' attribute is not\n configured in that web app's 'web.xml' file, the remote\n server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in\n the 'Transfer-Encoding' header of a request. An attacker\n can exploit this to cause a denial of service or to\n disclose sensitive information. 
(CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.28 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.28\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:21:55", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted 
header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2010-177.NASL", "href": "https://www.tenable.com/plugins/nessus/49207", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:177. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49207);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(37942, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:177\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. 
(dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-common-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-server-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.1mdv2010.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:31", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 7.0.2. It is, therefore, affected by a denial of service vulnerability which could also lead to information disclosure. 
A remote attacker could trigger flaws in the handling of the Transfer-Encoding header to cause a denial of service or potentially leak information.\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.2 Denial of Service and Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5791.PASL", "href": "https://www.tenable.com/plugins/nnm/5791", "sourceData": "Binary data 5791.pasl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:13", "description": "Replaces tomcat6-6.0.26-13.fc14\n\n - Resolves rhbz#640686 - Upgrade of tomcat6 wipes out directories\n\n - WARNING - Back up all files that need to be preserved before package update or uninstall - WARNING\n\nCVE-2010-2227 applied\n\nSeveral Bug fixes :\n\n - tomcat user shell\n\n - Multiple instances of tomcat not working (not sure this is the right fix).\n\n - init script LSB compliance\n\n - Update commons libs - no longer commons-xxx-tomcat5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-15T00:00:00", "type": "nessus", "title": "Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-16528.NASL", "href": "https://www.tenable.com/plugins/nessus/50593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50593);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"FEDORA\", value:\"2010-16528\");\n\n script_name(english:\"Fedora 14 : tomcat6-6.0.26-14.fc14 (2010-16528)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Replaces tomcat6-6.0.26-13.fc14\n\n - Resolves rhbz#640686 - Upgrade of tomcat6 wipes out\n directories\n\n - WARNING - 
Back up all files that need to be preserved\n before package update or uninstall - WARNING\n\nCVE-2010-2227 applied\n\nSeveral Bug fixes :\n\n - tomcat user shell\n\n - Multiple instances of tomcat not working (not sure\n this is the right fix).\n\n - init script LSB compliance\n\n - Update commons libs - no longer commons-xxx-tomcat5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68aa68de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tomcat6-6.0.26-14.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:38", "description": "According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 7.0.2. It is, therefore, affected by a denial of service vulnerability which could also lead to information disclosure. 
A remote attacker could trigger flaws in the handling of the Transfer-Encoding header to cause a denial of service or potentially leak information.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-01-11T00:00:00", "type": "nessus", "title": "Apache Tomcat < 7.0.2 Denial of Service and Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/121115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121115);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n\n script_name(english:\"Apache Tomcat < 7.0.2 Denial of Service and Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by denial of\nservice and information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 7.0.2. 
It is,\ntherefore, affected by a denial of service vulnerability which\ncould also lead to information disclosure. A remote attacker\ncould trigger flaws in the handling of the Transfer-Encoding\nheader to cause a denial of service or potentially leak\ninformation.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.2\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:24:42", "description": "- Includes security fix for CVE-2010-2227.\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of jakarta-commons-collections, jakarta-commons-pool, and jakarta-commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 13 : tomcat6-6.0.26-11.fc13 (2010-16270)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-16270.NASL", "href": "https://www.tenable.com/plugins/nessus/50439", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# 
The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16270.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50439);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_xref(name:\"FEDORA\", value:\"2010-16270\");\n\n script_name(english:\"Fedora 13 : tomcat6-6.0.26-11.fc13 (2010-16270)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Includes security fix for CVE-2010-2227.\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and\n commons-pool-tomcat5 have been dropped in favor of\n jakarta-commons-collections, jakarta-commons-pool, and\n jakarta-commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5d7d2d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"tomcat6-6.0.26-11.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:22:27", "description": "Versions of Tomcat 7.0.x earlier than 7.0.2 are potentially affected by a denial of service vulnerability because several flaws in the handling of the 'Transfer-Encoding' header could prevent the recycling of a buffer.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability", "bulletinFamily": 
"scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2011-02-14T00:00:00", "cpe": [], "id": "800611.PRM", "href": "https://www.tenable.com/plugins/lce/800611", "sourceData": "Binary data 800611.prm", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:23", "description": "It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-08-26T00:00:00", "type": "nessus", "title": "Ubuntu 9.04 / 9.10 / 10.04 LTS : tomcat6 vulnerability (USN-976-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-user", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-976-1.NASL", "href": "https://www.tenable.com/plugins/nessus/48757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-976-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48757);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_bugtraq_id(41544);\n script_xref(name:\"USN\", value:\"976-1\");\n\n script_name(english:\"Ubuntu 9.04 / 9.10 / 10.04 LTS : tomcat6 vulnerability (USN-976-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat incorrectly handled invalid\nTransfer-Encoding headers. A remote attacker could send specially\ncrafted requests containing invalid headers to the server and cause a\ndenial of service, or possibly obtain sensitive information from other\nrequests.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/976-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/13\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.04|9\\.10|10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.04 / 9.10 / 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.18-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.20-2ubuntu2.2\")) 
flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.20-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.24-2ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:00", "description": "- Includes security fix for CVE-2010-2227.\n\n - Package updated to new upstream version tomcat-6.0.26\n\n - commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of commons-collections, commons-pool, and commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2010-11-02T00:00:00", "type": "nessus", "title": "Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-16248.NASL", "href": "https://www.tenable.com/plugins/nessus/50438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16248.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50438);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2227\");\n script_xref(name:\"FEDORA\", value:\"2010-16248\");\n\n script_name(english:\"Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Includes security fix for CVE-2010-2227.\n\n - Package updated to new upstream version tomcat-6.0.26\n\n - commons-dbcp-tomcat5, 
commons-collections-tomcat5, and\n commons-pool-tomcat5 have been dropped in favor of\n commons-collections, commons-pool, and commons-dbcp\n\n - Directory permissions fixed\n\n - tomcat user shell fixed\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=612799\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a9d6f8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"tomcat6-6.0.26-3.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:24:20", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.4. It is, therefore, affected by a security bypass vulnerability due to an error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. 
A malicious web application can modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.x < 7.0.4 SecurityManager Local Security Bypass", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/51958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51958);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2010-3718\");\n script_bugtraq_id(46177);\n script_xref(name:\"SECUNIA\", value:\"43198\");\n\n script_name(english:\"Apache Tomcat 7.x < 7.0.4 SecurityManager Local Security Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a security bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.x listening on the remote host is prior to 7.0.4. 
It is,\ntherefore, affected by a security bypass vulnerability due to an error\nin the access restriction on a 'ServletContext' attribute which holds\nthe location of the work directory in Tomcat's SecurityManager. A\nmalicious web application can modify the location of the working\ndirectory which then allows improper read and write access to\narbitrary files and directories in the context of Tomcat.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.4_(released_21_Oct_2010)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8da12114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2011/Feb/74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.4 or later. Alternatively,\nundeploy untrusted third-party web applications.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-3718\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.4\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:22:30", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.4. It is, therefore, affected by a security bypass vulnerability due to an error in the access restriction on a 'ServletContext' attribute which holds the location of the work directory in Tomcat's SecurityManager. 
A malicious web application can modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.\n\nNote that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.4 SecurityManager Local Security Bypass", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5792.PASL", "href": "https://www.tenable.com/plugins/nnm/5792", "sourceData": "Binary data 5792.pasl", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:22:27", "description": "Versions of Tomcat 7.0.x earlier than 7.0.4 are potentially affected by a security bypass vulnerability. 
When running under a SecurityManager, it is possible to grant a web application read/write permissions to any area on the file system.", "cvss3": {}, "published": "2011-02-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.4 File Permission Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718"], "modified": "2011-02-13T00:00:00", "cpe": [], "id": "800608.PRM", "href": "https://www.tenable.com/plugins/lce/800608", "sourceData": "Binary data 800608.prm", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:08:02", "description": "The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication includes a realm name. If a <realm-name> element is specified for the application in web.xml it will be used. 
However, if a <realm-name> is not specified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address of the machine running Tomcat.", "cvss3": {}, "published": "2010-04-26T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3383E7064FC311DF83FB0015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/nessus/45613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45613);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1157\");\n\n script_name(english:\"FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication\nincludes a realm name. 
If a <realm-name> element is specified for the\napplication in web.xml it will be used. However, a <realm-name> is not\nspecified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address\nof the machine running Tomcat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=146022\"\n );\n # http://seclists.org/bugtraq/2010/Apr/200\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2010/Apr/200\"\n );\n # https://vuxml.freebsd.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a444f43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>5.5.0<5.5.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>6.0.0<6.0.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:24:34", "description": "Multiple vulnerabilities have been found and corrected in tomcat5 :\n\nWhen running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. 
This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments (CVE-2010-3718).\n\nThe HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages (CVE-2011-0013).\n\nPackages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {}, "published": "2011-02-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "cpe:/o:mandriva:linux:2009.0", 
"cpe:/o:mandriva:linux:2010.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-030.NASL", "href": "https://www.tenable.com/plugins/nessus/52035", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:030. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52035);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\");\n script_bugtraq_id(46174, 46177);\n script_xref(name:\"MDVSA\", value:\"2011:030\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nWhen running under a SecurityManager, access to the file system is\nlimited but web applications are granted read/write permissions to the\nwork directory. This directory is used for a variety of temporary\nfiles such as the intermediate files generated when compiling JSPs to\nServlets. The location of the work directory is specified by a\nServletContect attribute that is meant to be read-only to web\napplications. However, due to a coding error, the read-only setting\nwas not applied. Therefore, a malicious web application may modify the\nattribute before Tomcat applies the file permissions. This can be used\nto grant read/write permissions to any area on the file system which a\nmalicious web application may then take advantage of. 
This\nvulnerability is only applicable when hosting web applications from\nuntrusted sources such as shared hosting environments (CVE-2010-3718).\n\nThe HTML Manager interface displayed web application provided data,\nsuch as display names, without filtering. A malicious web application\ncould trigger script execution by an administrative user when viewing\nthe manager pages (CVE-2011-0013).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-webapps-5.5.27-0.3.0.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-common-lib-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", 
reference:\"tomcat5-jsp-2.0-api-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-server-lib-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-webapps-5.5.27-0.5.0.2mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", 
reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.2mdv2010.2\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:27:04", "description": "Various vulnerabilities have been discovered in the Tomcat Servlet and JSP engine, resulting in denial of service, cross-site scripting, information disclosure and WAR file traversal. Further details on the individual security issues can be found on the Apache Tomcat 5 vulnerabilities page.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2011-03-30T00:00:00", "type": "nessus", "title": "Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2902", "CVE-2010-1157", 
"CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat5.5", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2207.NASL", "href": "https://www.tenable.com/plugins/nessus/53212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2207. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53212);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37944, 37945, 39635, 41544);\n script_xref(name:\"DSA\", value:\"2207\");\n\n script_name(english:\"Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. 
Further details on the\nindividual security issues can be found on the Apache Tomcat 5\nvulnerabilities page.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat5.5 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5.\ntomcat6 is already fixed.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"tomcat5.5\", reference:\"5.5.26-5lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:26:53", "description": "This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)", "cvss3": {}, "published": "2011-03-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": 
"SUSE_TOMCAT5-7337.NASL", "href": "https://www.tenable.com/plugins/nessus/52525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52525);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0\n (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error\n (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3718.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0534.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7337.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:26:54", "description": "- Apache Tomcat Local bypass of security manager file permissions. (CVE-2010-3718)\n\n - Apache Tomcat Manager XSS vulnerability. 
(CVE-2011-0013)", "cvss3": {}, "published": "2011-03-18T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12687)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12687.NASL", "href": "https://www.tenable.com/plugins/nessus/52711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52711);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12687)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Apache Tomcat Local bypass of security manager file\n permissions. (CVE-2010-3718)\n\n - Apache Tomcat Manager XSS vulnerability. 
(CVE-2011-0013)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3718.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2011-0534/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12687.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.29\")) 
flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.29\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.29\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:31:12", "description": "This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)\n\n - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", 
"p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_TOMCAT6-110211.NASL", "href": "https://www.tenable.com/plugins/nessus/53807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-3945.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53807);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)\");\n script_summary(english:\"Check for the tomcat6-3945 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0\n (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error\n (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)\n\n - CVE-2011-0534: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:24:36", "description": "Several vulnerabilities were discovered in the Tomcat Servlet and 
JSP engine :\n\n - CVE-2010-3718 It was discovered that the SecurityManager insufficiently restricted the working directory.\n\n - CVE-2011-0013 It was discovered that the HTML manager interface is affected by cross-site scripting.\n\n - CVE-2011-0534 It was discovered that NIO connector performs insufficient validation of the HTTP headers, which could lead to denial of service.\n\nThe oldstable distribution (lenny) is not affected by these issues.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Debian DSA-2160-1 : tomcat6 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2160.NASL", "href": "https://www.tenable.com/plugins/nessus/51959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2160. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51959);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_bugtraq_id(46164, 46174, 46177);\n script_xref(name:\"DSA\", value:\"2160\");\n\n script_name(english:\"Debian DSA-2160-1 : tomcat6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Tomcat Servlet and JSP\nengine :\n\n - CVE-2010-3718\n It was discovered that the SecurityManager\n insufficiently restricted the working directory.\n\n - CVE-2011-0013\n It was discovered that the HTML manager interface is\n affected by cross-site scripting.\n\n - CVE-2011-0534\n It was discovered that NIO connector performs\n insufficient validation of the HTTP headers, which could\n lead to denial of service.\n\nThe oldstable distribution (lenny) is not affected by these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tomcat6\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2160\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.28-9+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-docs\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.28-9+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.28-9+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:30:27", "description": "Updated tomcat6 packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate 
security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n* A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected. (BZ#636997)\n\n* The '/usr/share/java/' directory was missing a symbolic link to the '/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library was mandatory for certain operations (such as running the Jasper JSP precompiler), the 'build-jar-repository' command was unable to compose a valid classpath. 
With this update, the missing symbolic link has been added. (BZ#661244)\n\n* Previously, the 'tomcat6' init script failed to start Tomcat with a 'This account is currently not available.' message when Tomcat was configured to run under a user that did not have a valid shell configured as a login shell. This update modifies the init script to work correctly regardless of the daemon user's login shell.\nAdditionally, these new tomcat6 packages now set '/sbin/nologin' as the login shell for the 'tomcat' user upon installation, as recommended by deployment best practices. (BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for the 'tomcat' group, which could cause certain applications to fail with errors such as 'No output folder'. This update adds write permissions for the 'tomcat' group to the affected directories.\n(BZ#643809)\n\n* The '/usr/sbin/tomcat6' wrapper script used a hard-coded path to the 'catalina.out' file, which may have caused problems (such as for logging init script output) if Tomcat was being run with a user other than 'tomcat' and with CATALINA_BASE set to a directory other than the default. (BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged to 'catalina.out' when certain web applications were deployed.\n(BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-05-20T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2011:0791)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-0791.NASL", "href": "https://www.tenable.com/plugins/nessus/54601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0791. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54601);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_bugtraq_id(45015, 46174, 46177);\n script_xref(name:\"RHSA\", value:\"2011:0791\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2011:0791)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. 
If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n* A bug in the 'tomcat6' init script prevented additional Tomcat\ninstances from starting. As well, running 'service tomcat6 start'\ncaused configuration options applied from '/etc/sysconfig/tomcat6' to\nbe overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this\nupdate, multiple instances of Tomcat run as expected. (BZ#636997)\n\n* The '/usr/share/java/' directory was missing a symbolic link to the\n'/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library\nwas mandatory for certain operations (such as running the Jasper JSP\nprecompiler), the 'build-jar-repository' command was unable to compose\na valid classpath. With this update, the missing symbolic link has\nbeen added. (BZ#661244)\n\n* Previously, the 'tomcat6' init script failed to start Tomcat with a\n'This account is currently not available.' message when Tomcat was\nconfigured to run under a user that did not have a valid shell\nconfigured as a login shell. This update modifies the init script to\nwork correctly regardless of the daemon user's login shell.\nAdditionally, these new tomcat6 packages now set '/sbin/nologin' as\nthe login shell for the 'tomcat' user upon installation, as\nrecommended by deployment best practices. 
(BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for\nthe 'tomcat' group, which could cause certain applications to fail\nwith errors such as 'No output folder'. This update adds write\npermissions for the 'tomcat' group to the affected directories.\n(BZ#643809)\n\n* The '/usr/sbin/tomcat6' wrapper script used a hard-coded path to the\n'catalina.out' file, which may have caused problems (such as for\nlogging init script output) if Tomcat was being run with a user other\nthan 'tomcat' and with CATALINA_BASE set to a directory other than the\ndefault. (BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged\nto 'catalina.out' when certain web applications were deployed.\n(BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0791\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0791\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-33.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-33.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:27:39", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager application. 
A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n - A bug in the 'tomcat6' init script prevented additional Tomcat instances from starting. As well, running 'service tomcat6 start' caused configuration options applied from '/etc/sysconfig/tomcat6' to be overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update, multiple instances of Tomcat run as expected.\n (BZ#636997)\n\n - The '/usr/share/java/' directory was missing a symbolic link to the '/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library was mandatory for certain operations (such as running the Jasper JSP precompiler), the 'build-jar-repository' command was unable to compose a valid classpath. With this update, the missing symbolic link has been added. (BZ#661244)\n\n - Previously, the 'tomcat6' init script failed to start Tomcat with a 'This account is currently not available.' message when Tomcat was configured to run under a user that did not have a valid shell configured as a login shell. This update modifies the init script to work correctly regardless of the daemon user's login shell.\n Additionally, these new tomcat6 packages now set '/sbin/nologin' as the login shell for the 'tomcat' user upon installation, as recommended by deployment best practices. (BZ#678671)\n\n - Some standard Tomcat directories were missing write permissions for the 'tomcat' group, which could cause certain applications to fail with errors such as 'No output folder'. 
This update adds write permissions for the 'tomcat' group to the affected directories.\n (BZ#643809)\n\n - The '/usr/sbin/tomcat6' wrapper script used a hard-coded path to the 'catalina.out' file, which may have caused problems (such as for logging init script output) if Tomcat was being run with a user other than 'tomcat' and with CATALINA_BASE set to a directory other than the default. (BZ#695284, BZ#697504)\n\n - Stopping Tomcat could have resulted in traceback errors being logged to 'catalina.out' when certain web applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110519_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61051);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n - A bug in the 'tomcat6' init script prevented additional\n Tomcat instances from starting. As well, running\n 'service tomcat6 start' caused configuration options\n applied from '/etc/sysconfig/tomcat6' to be overwritten\n with those from '/etc/tomcat6/tomcat6.conf'. 
With this\n update, multiple instances of Tomcat run as expected.\n (BZ#636997)\n\n - The '/usr/share/java/' directory was missing a symbolic\n link to the '/usr/share/tomcat6/bin/tomcat-juli.jar'\n library. Because this library was mandatory for certain\n operations (such as running the Jasper JSP precompiler),\n the 'build-jar-repository' command was unable to compose\n a valid classpath. With this update, the missing\n symbolic link has been added. (BZ#661244)\n\n - Previously, the 'tomcat6' init script failed to start\n Tomcat with a 'This account is currently not available.'\n message when Tomcat was configured to run under a user\n that did not have a valid shell configured as a login\n shell. This update modifies the init script to work\n correctly regardless of the daemon user's login shell.\n Additionally, these new tomcat6 packages now set\n '/sbin/nologin' as the login shell for the 'tomcat' user\n upon installation, as recommended by deployment best\n practices. (BZ#678671)\n\n - Some standard Tomcat directories were missing write\n permissions for the 'tomcat' group, which could cause\n certain applications to fail with errors such as 'No\n output folder'. This update adds write permissions for\n the 'tomcat' group to the affected directories.\n (BZ#643809)\n\n - The '/usr/sbin/tomcat6' wrapper script used a hard-coded\n path to the 'catalina.out' file, which may have caused\n problems (such as for logging init script output) if\n Tomcat was being run with a user other than 'tomcat' and\n with CATALINA_BASE set to a directory other than the\n default. (BZ#695284, BZ#697504)\n\n - Stopping Tomcat could have resulted in traceback errors\n being logged to 'catalina.out' when certain web\n applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=636997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=661244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=678671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=695284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698624\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=2006\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5e979a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-33.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:22:28", "description": "Versions of Tomcat 6.x earlier than 6.0.30 are potentially affected by multiple vulnerabilities : \n\n - When running under a SecurityManager it is possible for a web application to gain read/write permissions to any area on the file system. (CVE-2010-3718)\n\n - It is possible to conduct cross-site scripting attacks via the 'sort' and 'orderBy' parameters of the Manager application. (CVE-2010-4172)\n\n - The HTML Manager interface displays web application provided data, such as display names, without filtering. (CVE-2011-0013)", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "modified": "2011-02-11T00:00:00", "cpe": [], "id": "800609.PRM", "href": "https://www.tenable.com/plugins/lce/800609", "sourceData": "Binary data 800609.prm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:25:46", "description": "It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. 
An attacker could use this flaw to read or write files outside of the intended working directory.\n(CVE-2010-3718)\n\nIt was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.\n(CVE-2011-0013)\n\nIt was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-03-30T00:00:00", "type": "nessus", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc", 
"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-user", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1097-1.NASL", "href": "https://www.tenable.com/plugins/nessus/53221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1097-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53221);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_bugtraq_id(46164, 46174, 46177);\n script_xref(name:\"USN\", value:\"1097-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Tomcat SecurityManager did not properly\nrestrict the working directory. 
An attacker could use this flaw to\nread or write files outside of the intended working directory.\n(CVE-2010-3718)\n\nIt was discovered that Tomcat did not properly escape certain\nparameters in the Manager application which could result in browsers\nbecoming vulnerable to cross-site scripting attacks when processing\nthe output. With cross-site scripting vulnerabilities, if a user were\ntricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain.\n(CVE-2011-0013)\n\nIt was discovered that Tomcat incorrectly enforced the\nmaxHttpHeaderSize limit in certain configurations. A remote attacker\ncould use this flaw to cause Tomcat to consume all available memory,\nresulting in a denial of service. (CVE-2011-0534).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1097-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.20-2ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"tomcat6-docs\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.24-2ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.28-2ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:32:11", "description": "This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)\n\n - CVE-2011-0534: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors (CWE-399)", 
"cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_TOMCAT6-110211.NASL", "href": "https://www.tenable.com/plugins/nessus/75761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-3945.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75761);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)\");\n script_summary(english:\"Check for the tomcat6-3945 
patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This tomcat6 update fixes :\n\n - CVE-2010-3718: CVSS v2 Base Score: 4.0\n (AV:N/AC:H/Au:N/C:P/I:P/A:N): Design Error\n (CWE-DesignError)\n\n - CVE-2011-0013: CVSS v2 Base Score: 4.3\n (AV:N/AC:M/Au:N/C:N/I:P/A:N): XSS (CWE-79)\n\n - CVE-2011-0534: CVSS v2 Base Score: 5.0\n (AV:N/AC:L/Au:N/C:N/I:N/A:P): Resource Management Errors\n (CWE-399)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.10.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:35", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (') characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. 
(dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. 
(dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance Program. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2010-09-13T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3385", "CVE-2007-5333", "CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2010-1157", "CVE-2010-2227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jasper", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-webapps", 
"cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2010-176.NASL", "href": "https://www.tenable.com/plugins/nessus/49206", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:176. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49206);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(27706, 35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:176\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nApache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\nthrough 4.1.36 does not properly handle (1) double quote (')\ncharacters or (2) %5C (encoded backslash) sequences in a cookie value,\nwhich might cause sensitive information such as session IDs to be\nleaked to remote attackers and enable session hijacking attacks. 
NOTE:\nthis issue exists because of an incomplete fix for CVE-2007-3385\n(CVE-2007-5333).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0\nthrough 6.0.18, and possibly earlier versions normalizes the target\npathname before filtering the query string when using the\nRequestDispatcher method, which allows remote attackers to bypass\nintended access restrictions and conduct directory traversal attacks\nvia .. (dot dot) sequences and the WEB-INF directory in a Request\n(CVE-2008-5515).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when the Java AJP connector and mod_jk load balancing\nare used, allows remote attackers to cause a denial of service\n(application outage) via a crafted request with invalid headers,\nrelated to temporary blocking of connectors that have encountered\nerrors, as demonstrated by an error involving a malformed HTTP Host\nheader (CVE-2009-0033).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18, when FORM authentication is used, allows remote\nattackers to enumerate valid usernames via requests to\n/j_security_check with malformed URL encoding of passwords, related to\nimproper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\nand (3) JDBCRealm authentication realms, as demonstrated by a %\n(percent) value for the j_password parameter (CVE-2009-0580).\n\nApache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\nthrough 6.0.18 permits web applications to replace an XML parser used\nfor other web applications, which allows local users to read or modify\nthe (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\napplications via a crafted application that is loaded earlier than the\ntarget application (CVE-2009-0783).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. 
(dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2008.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-admin-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-common-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jasper-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-jsp-2.0-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", 
reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-server-lib-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tomcat5-webapps-5.5.23-9.2.10.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:25:42", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. 
(CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111220_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61211);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=3772\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da560124\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:22:36", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.30. It is, therefore, affected by multiple vulnerabilities:\n\n - An error in the access restriction on a 'ServletContext' attribute that holds the location of the work directory in Tomcat's SecurityManager. A malicious web application can modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat. 
(CVE-2010-3718)\n\n - An input validation error exists in the Manager application in that it fails to filter the 'sort' and 'orderBy' input parameters. (CVE-2010-4172)\n\n - The default configuration does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. (CVE-2010-4312)\n\n - An input validation error exists in the HTML manager application in that it fails to filter various input data before returning it to the browser. (CVE-2011-0013)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-11T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "5789.PASL", "href": "https://www.tenable.com/plugins/nnm/5789", "sourceData": "Binary data 5789.pasl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T14:24:01", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.30. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext' attribute that holds the location of the work directory in Tomcat's SecurityManager. A malicious web application can modify the location of the working directory which then allows improper read and write access to arbitrary files and directories in the context of Tomcat.\n (CVE-2010-3718)\n\n - An input validation error exists in the Manager application in that it fails to filter the 'sort' and 'orderBy' input parameters. (CVE-2010-4172)\n\n - The default configuration does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. (CVE-2010-4312)\n\n - An input validation error exists in the HTML manager application in that it fails to filter various input data before returning it to the browser. (CVE-2011-0013)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_30.NASL", "href": "https://www.tenable.com/plugins/nessus/51975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51975);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4312\",\n \"CVE-2011-0013\"\n );\n script_bugtraq_id(45015, 46174, 46177);\n script_xref(name:\"SECUNIA\", value:\"42337\");\n script_xref(name:\"SECUNIA\", value:\"43194\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0.x listening on the remote host is prior to 6.0.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute that holds the location of the work directory\n in Tomcat's SecurityManager. A malicious web application\n can modify the location of the working directory which\n then allows improper read and write access to arbitrary\n files and directories in the context of Tomcat.\n (CVE-2010-3718)\n\n - An input validation error exists in the Manager\n application in that it fails to filter the 'sort' and\n 'orderBy' input parameters. (CVE-2010-4172)\n\n - The default configuration does not include the HTTPOnly\n flag in a Set-Cookie header, which makes it easier for\n remote attackers to hijack a session via script access\n to a cookie. (CVE-2010-4312)\n\n - An input validation error exists in the HTML manager\n application in that it fails to filter various input\n data before returning it to the browser. 
(CVE-2011-0013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/Nov/283\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update Apache Tomcat to version 6.0.30 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-4312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.30\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:27:17", "description": "A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. 
(CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100802_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60828);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. 
A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=412\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76cc914b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n 
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:43", "description": "From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2010-0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/68076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# Oracle Linux Security Advisory ELSA-2010-0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68076);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", 
\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2010-0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0580 :\n\nUpdated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. 
(CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-August/001575.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:03", "description": "Updated tomcat5 packages that fix multiple 
security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48231);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0781\", \"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2010:0580)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. 
(CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0580\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0580\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", 
cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:06", "description": "Updated tomcat5 
packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. 
Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2010-08-03T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2010:0580)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2010-0580.NASL", "href": "https://www.tenable.com/plugins/nessus/48218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0580 and \n# CentOS Errata and Security Advisory 2010:0580 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48218);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0781\", 
\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_xref(name:\"RHSA\", value:\"2010:0580\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2010:0580)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent Tomcat from sending replies, or cause Tomcat to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum\ntext stated, provide a fix for CVE-2009-0781, a cross-site scripting\n(XSS) flaw in the examples calendar application. With some web\nbrowsers, remote attackers could use this flaw to inject arbitrary web\nscript or HTML via the 'time' parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment\nprocess. A specially crafted WAR file could, when deployed, cause a\nfile to be created outside of the web root into any directory writable\nby the Tomcat user, or could lead to the deletion of files in the\nTomcat host's work directory. 
(CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016858.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?765d4416\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c24545c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.9.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:37:07", "description": "Fixes for: CVE-2011-3190 - 
authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVA_HOME setting in tomcat6.conf\n\nCVE-2011-0534, CVE-2011-0013, CVE-2010-3718\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-2204", "CVE-2011-2526", "CVE-2011-3190"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-13457.NASL", "href": "https://www.tenable.com/plugins/nessus/56573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13457.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56573);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-2204\", \"CVE-2011-2526\", \"CVE-2011-3190\");\n 
script_bugtraq_id(46164, 46174, 46177, 48456, 48667, 49353);\n script_xref(name:\"FEDORA\", value:\"2011-13457\");\n\n script_name(english:\"Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for: CVE-2011-3190 - authentication bypass and information\ndisclosure CVE-2011-2526 - send file validation CVE-2011-2204 -\npassword disclosure vulnerability JAVA_HOME setting in tomcat6.conf\n\nCVE-2011-0534, CVE-2011-0013, CVE-2010-3718\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=675794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=701037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=721087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=738502\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068453.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bea915d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"tomcat6-6.0.26-27.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:49", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. 
A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-21T00:00:00", "type": "nessus", "title": "RHEL 5 : tomcat5 (RHSA-2011:1845)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", 
"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/57356", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1845. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57356);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2011:1845)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-5064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1845\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1845\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", 
reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:39:37", "description": "Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. 
(CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2011-12-21T00:00:00", "type": "nessus", "title": "CentOS 5 : tomcat5 (CESA-2011:1845)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-common-lib", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-webapps", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/57354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1845 and \n# CentOS Errata and Security Advisory 2011:1845 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(57354);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2011:1845)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. 
(CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9373df8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d801a1f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": 
{"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:54:31", "description": "From Red Hat Security Advisory 2011:1845 :\n\nUpdated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. 
(CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : tomcat5 (ELSA-2011-1845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-webapps", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-1845.NASL", "href": "https://www.tenable.com/plugins/nessus/68410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1845 and \n# Oracle Linux Security Advisory ELSA-2011-1845 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68410);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\");\n script_bugtraq_id(46174, 46177, 48456, 49762);\n script_xref(name:\"RHSA\", value:\"2011:1845\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 
(ELSA-2011-1845)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1845 :\n\nUpdated tomcat5 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Apache Tomcat. A\nmalicious web application could use this flaw to conduct an XSS\nattack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web\npages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. These flaws weakened the Tomcat HTTP DIGEST\nauthentication implementation, subjecting it to some of the weaknesses\nof HTTP BASIC authentication, for example, allowing remote attackers\nto perform session replay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. 
If a runtime\nexception occurred when creating a new user with a JMX client, that\nuser's password was logged to Tomcat log files. Note: By default, only\nadministrators have access to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-December/002527.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.22.el5_7\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.22.el5_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:24:47", "description": "The remote host is affected by the 
vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.\n Impact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.2, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2012-06-25T00:00:00", "type": "nessus", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", 
"CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4312", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-1088", "CVE-2011-1183", "CVE-2011-1184", "CVE-2011-1419", "CVE-2011-1475", "CVE-2011-1582", "CVE-2011-2204", "CVE-2011-2481", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-3190", "CVE-2011-3375", "CVE-2011-4858", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064", "CVE-2012-0022"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tomcat", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 
47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:08", "description": "The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-006)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4022", "CVE-2010-0097", "CVE-2010-1157", 
"CVE-2010-1634", "CVE-2010-2089", "CVE-2010-2227", "CVE-2010-3436", "CVE-2010-3613", "CVE-2010-3614", "CVE-2010-3718", "CVE-2010-4172", "CVE-2010-4645", "CVE-2011-0013", "CVE-2011-0185", "CVE-2011-0224", "CVE-2011-0229", "CVE-2011-0230", "CVE-2011-0231", "CVE-2011-0249", "CVE-2011-0250", "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-0259", "CVE-2011-0411", "CVE-2011-0419", "CVE-2011-0420", "CVE-2011-0421", "CVE-2011-0534", "CVE-2011-0707", "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1466", "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470", "CVE-2011-1471", "CVE-2011-1521", "CVE-2011-1755", "CVE-2011-1910", "CVE-2011-2464", "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3192", "CVE-2011-3213", "CVE-2011-3214", "CVE-2011-3217", "CVE-2011-3218", "CVE-2011-3219", "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223", "CVE-2011-3224", "CVE-2011-3228"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2011-006.NASL", "href": "https://www.tenable.com/plugins/nessus/56481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56481);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-4022\",\n \"CVE-2010-0097\",\n \"CVE-2010-1157\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2010-2227\",\n \"CVE-2010-3436\",\n \"CVE-2010-3613\",\n \"CVE-2010-3614\",\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4645\",\n \"CVE-2011-0013\",\n \"CVE-2011-0185\",\n \"CVE-2011-0224\",\n \"CVE-2011-0229\",\n \"CVE-2011-0230\",\n \"CVE-2011-0231\",\n \"CVE-2011-0249\",\n \"CVE-2011-0250\",\n \"CVE-2011-0251\",\n \"CVE-2011-0252\",\n \"CVE-2011-0259\",\n \"CVE-2011-0411\",\n \"CVE-2011-0419\",\n \"CVE-2011-0420\",\n 
\"CVE-2011-0421\",\n \"CVE-2011-0534\",\n \"CVE-2011-0707\",\n \"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3213\",\n \"CVE-2011-3214\",\n \"CVE-2011-3217\",\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3224\",\n \"CVE-2011-3228\"\n );\n script_bugtraq_id(\n 37118,\n 37865,\n 39635,\n 40370,\n 40863,\n 41544,\n 44723,\n 45015,\n 45133,\n 45137,\n 45668,\n 46164,\n 46174,\n 46177,\n 46354,\n 46365,\n 46429,\n 46464,\n 46767,\n 46786,\n 46854,\n 46967,\n 46968,\n 46969,\n 46970,\n 46975,\n 46977,\n 48007,\n 48250,\n 48566,\n 48618,\n 48660,\n 49303,\n 50085,\n 50091,\n 50092,\n 50095,\n 50098,\n 50100,\n 50101,\n 50111,\n 50116,\n 50117,\n 50122,\n 50127,\n 50130,\n 50131,\n 50150 \n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-006)\");\n script_summary(english:\"Check for the presence of Security Update 2011-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. 
This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n{\n packages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[6-9]|201[2-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2011-006 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T16:35:27", "description": "The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", 
"CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx", "cpe:/o:vmware:esxi"], "id": "VMWARE_VMSA-2011-0003_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/89674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89674);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n 
\"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n \"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 
44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\nIt is, therefore, affected by multiple vulnerabilities, including\nremote code execution vulnerabilities, in several third-party\ncomponents and libraries :\n\n - Apache Tomcat \n - Apache Tomcat Manager\n - cURL \n - Java Runtime Environment (JRE)\n - Kernel \n - Microsoft SQL Express\n - OpenSSL\n - pam_krb5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2011-0003\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-3574\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2010-3081\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\nesx = '';\n\nif (\"ESX\" >!< rel)\n audit(AUDIT_OS_NOT, \"VMware ESX/ESXi\");\n\nextract = eregmatch(pattern:\"^(ESXi?) 
(\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, \"VMware ESX/ESXi\");\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\n# fixed build numbers are the same for ESX and ESXi\nfixes = make_array(\n \"4.0\", \"360236\",\n \"4.1\", \"348481\"\n );\n\nfix = FALSE;\nfix = fixes[ver];\n\n# get the build before checking the fix for the most complete audit trail\nextract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_BUILD, \"VMware \" + esx, ver);\n\nbuild = int(extract[1]);\n\n# if there is no fix in the array, fix is FALSE\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n\nif (build < fix)\n{\n\n report = '\\n Version : ' + esx + \" \" + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n exit(0);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + esx, ver, build);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:22:59", "description": "a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3.\n\nb. 
vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update.\n\n VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue.\n\nc. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. 
vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574.\n\ne. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update.\n\nh. 
ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update.\n\nj. ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. 
This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2011-02-14T00:00:00", "type": "nessus", "title": "VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0085", "CVE-2008-0086", "CVE-2008-0106", "CVE-2008-0107", "CVE-2008-3825", "CVE-2008-5416", "CVE-2009-1384", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-3548", "CVE-2009-3555", "CVE-2009-4308", "CVE-2010-0003", "CVE-2010-0007", "CVE-2010-0008", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0291", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0415", "CVE-2010-0433", "CVE-2010-0437", "CVE-2010-0622", "CVE-2010-0730", "CVE-2010-0734", "CVE-2010-0740", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", 
"CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849", "CVE-2010-0850", "CVE-2010-0886", "CVE-2010-1084", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1087", "CVE-2010-1088", "CVE-2010-1157", "CVE-2010-1173", "CVE-2010-1187", "CVE-2010-1321", "CVE-2010-1436", "CVE-2010-1437", "CVE-2010-1641", "CVE-2010-2066", "CVE-2010-2070", "CVE-2010-2226", "CVE-2010-2227", "CVE-2010-2240", "CVE-2010-2248", "CVE-2010-2521", "CVE-2010-2524", "CVE-2010-2928", "CVE-2010-2939", "CVE-2010-3081", "CVE-2010-3541", "CVE-2010-3548", "CVE-2010-3549", "CVE-2010-3550", "CVE-2010-3551", "CVE-2010-3553", "CVE-2010-3554", "CVE-2010-3556", "CVE-2010-3557", "CVE-2010-3559", "CVE-2010-3561", "CVE-2010-3562", "CVE-2010-3565", "CVE-2010-3566", "CVE-2010-3567", "CVE-2010-3568", "CVE-2010-3569", "CVE-2010-3571", "CVE-2010-3572", "CVE-2010-3573", "CVE-2010-3574", "CVE-2010-3864"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:vmware:esx:4.0", "cpe:/o:vmware:esx:4.1", "cpe:/o:vmware:esxi:4.0", "cpe:/o:vmware:esxi:4.1"], "id": "VMWARE_VMSA-2011-0003.NASL", "href": "https://www.tenable.com/plugins/nessus/51971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2011-0003. 
\n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51971);\n script_version(\"1.46\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2008-0085\",\n \"CVE-2008-0086\",\n \"CVE-2008-0106\",\n \"CVE-2008-0107\",\n \"CVE-2008-3825\",\n \"CVE-2008-5416\",\n \"CVE-2009-1384\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-3548\",\n \"CVE-2009-3555\",\n \"CVE-2009-4308\",\n \"CVE-2010-0003\",\n \"CVE-2010-0007\",\n \"CVE-2010-0008\",\n \"CVE-2010-0082\",\n \"CVE-2010-0084\",\n \"CVE-2010-0085\",\n \"CVE-2010-0087\",\n \"CVE-2010-0088\",\n \"CVE-2010-0089\",\n \"CVE-2010-0090\",\n \"CVE-2010-0091\",\n \"CVE-2010-0092\",\n \"CVE-2010-0093\",\n \"CVE-2010-0094\",\n \"CVE-2010-0095\",\n \"CVE-2010-0291\",\n \"CVE-2010-0307\",\n \"CVE-2010-0410\",\n \"CVE-2010-0415\",\n \"CVE-2010-0433\",\n \"CVE-2010-0437\",\n \"CVE-2010-0622\",\n \"CVE-2010-0730\",\n \"CVE-2010-0734\",\n \"CVE-2010-0740\",\n \"CVE-2010-0837\",\n \"CVE-2010-0838\",\n \"CVE-2010-0839\",\n \"CVE-2010-0840\",\n \"CVE-2010-0841\",\n \"CVE-2010-0842\",\n \"CVE-2010-0843\",\n \"CVE-2010-0844\",\n \"CVE-2010-0845\",\n \"CVE-2010-0846\",\n \"CVE-2010-0847\",\n \"CVE-2010-0848\",\n \"CVE-2010-0849\",\n \"CVE-2010-0850\",\n \"CVE-2010-0886\",\n \"CVE-2010-1084\",\n \"CVE-2010-1085\",\n \"CVE-2010-1086\",\n \"CVE-2010-1087\",\n \"CVE-2010-1088\",\n \"CVE-2010-1157\",\n \"CVE-2010-1173\",\n \"CVE-2010-1187\",\n \"CVE-2010-1321\",\n \"CVE-2010-1436\",\n \"CVE-2010-1437\",\n \"CVE-2010-1641\",\n \"CVE-2010-2066\",\n \"CVE-2010-2070\",\n \"CVE-2010-2226\",\n \"CVE-2010-2227\",\n \"CVE-2010-2240\",\n \"CVE-2010-2248\",\n \"CVE-2010-2521\",\n \"CVE-2010-2524\",\n \"CVE-2010-2928\",\n \"CVE-2010-2939\",\n \"CVE-2010-3081\",\n \"CVE-2010-3541\",\n \"CVE-2010-3548\",\n \"CVE-2010-3549\",\n \"CVE-2010-3550\",\n \"CVE-2010-3551\",\n 
\"CVE-2010-3553\",\n \"CVE-2010-3554\",\n \"CVE-2010-3556\",\n \"CVE-2010-3557\",\n \"CVE-2010-3559\",\n \"CVE-2010-3561\",\n \"CVE-2010-3562\",\n \"CVE-2010-3565\",\n \"CVE-2010-3566\",\n \"CVE-2010-3567\",\n \"CVE-2010-3568\",\n \"CVE-2010-3569\",\n \"CVE-2010-3571\",\n \"CVE-2010-3572\",\n \"CVE-2010-3573\",\n \"CVE-2010-3574\",\n \"CVE-2010-3864\"\n );\n script_bugtraq_id(\n 30082,\n 30083,\n 30118,\n 30119,\n 31534,\n 32710,\n 35112,\n 36935,\n 36954,\n 37724,\n 37762,\n 37906,\n 37942,\n 37944,\n 37945,\n 38027,\n 38058,\n 38144,\n 38162,\n 38165,\n 38185,\n 38348,\n 38479,\n 38533,\n 38857,\n 38898,\n 39013,\n 39044,\n 39062,\n 39067,\n 39068,\n 39069,\n 39070,\n 39071,\n 39072,\n 39073,\n 39075,\n 39077,\n 39078,\n 39081,\n 39082,\n 39083,\n 39084,\n 39085,\n 39086,\n 39088,\n 39089,\n 39090,\n 39091,\n 39093,\n 39094,\n 39095,\n 39096,\n 39120,\n 39492,\n 39569,\n 39635,\n 39715,\n 39719,\n 39794,\n 39979,\n 40235,\n 40356,\n 40776,\n 40920,\n 41466,\n 41544,\n 41904,\n 42242,\n 42249,\n 42306,\n 43239,\n 43965,\n 43971,\n 43979,\n 43985,\n 43988,\n 43992,\n 43994,\n 44009,\n 44011,\n 44012,\n 44013,\n 44014,\n 44016,\n 44017,\n 44026,\n 44027,\n 44028,\n 44030,\n 44032,\n 44035,\n 44040,\n 44884\n );\n script_xref(name:\"VMSA\", value:\"2011-0003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi / ESX host is missing one or more\nsecurity-related patches.\");\n script_set_attribute(attribute:\"description\", value:\n\"a. 
vCenter Server and vCenter Update Manager update Microsoft\n SQL Server 2005 Express Edition to Service Pack 3\n\n Microsoft SQL Server 2005 Express Edition (SQL Express)\n distributed with vCenter Server 4.1 Update 1 and vCenter Update\n Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2\n to SQL Express Service Pack 3, to address multiple security\n issues that exist in the earlier releases of Microsoft SQL Express.\n\n Customers using other database solutions need not update for\n these issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n Express Service Pack 3.\n\nb. vCenter Apache Tomcat Management Application Credential Disclosure\n\n The Apache Tomcat Manager application configuration file contains\n logon credentials that can be read by unprivileged local users.\n\n The issue is resolved by removing the Manager application in\n vCenter 4.1 Update 1.\n\n If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n credentials are not present in the configuration file after the\n update.\n\n VMware would like to thank Claudio Criscione of Secure Networking\n for reporting this issue to us.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-2928 to this issue.\n\nc. 
vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n 1.6.0_21\n\n Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n CVE-2010-0850.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following name to the security issue fixed in\n Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n 1.5.0_26\n\n Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n multiple security issues that existed in earlier releases of\n Oracle (Sun) JRE.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,\n CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n CVE-2010-3574.\n\ne. 
vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n Apache Tomcat updated to version 6.0.28, which addresses multiple\n security issues that existed in earlier releases of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,\n and CVE-2009-3548.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.\n\nf. vCenter Server third-party component OpenSSL updated to version\n 0.9.8n\n\n The version of the OpenSSL library in vCenter Server is updated to\n 0.9.8n.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n issues addressed in this version of OpenSSL.\n\ng. ESX third-party component OpenSSL updated to version 0.9.8p\n\n The version of the ESX OpenSSL library is updated to 0.9.8p.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n issues addressed in this update.\n\nh. ESXi third-party component cURL updated\n\n The version of cURL library in ESXi is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-0734 to the issues addressed in\n this update.\n\ni. ESX third-party component pam_krb5 updated\n\n The version of pam_krb5 library is updated.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n issues addressed in the update.\n\nj. 
ESX third-party update for Service Console kernel\n\n The Service Console kernel is updated to include kernel version\n 2.6.18-194.11.1.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n CVE-2010-3081 to the issues addressed in the update.\n\n Notes :\n - The update also addresses the 64-bit compatibility mode\n stack pointer underflow issue identified by CVE-2010-3081. This\n issue was patched in an ESX 4.1 patch prior to the release of\n ESX 4.1 Update 1 and in a previous ESX 4.0 patch release.\n - The update also addresses CVE-2010-2240 for ESX 4.0.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2011/000140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java Web Start Plugin Command Line Argument Injection');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(20, 22, 119, 189, 200, 255, 264, 287, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:4.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2011-02-10\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103401-SG\",\n patch_updates : make_list(\"ESX400-201104401-SG\", \"ESX400-201110401-SG\", \"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0\",\n patch : \"ESX400-201103403-SG\",\n patch_updates : make_list(\"ESX400-201111201-SG\", \"ESX400-201203401-SG\", \"ESX400-201205401-SG\", \"ESX400-201206401-SG\", \"ESX400-201209401-SG\", \"ESX400-201302401-SG\", \"ESX400-201305401-SG\", \"ESX400-201310401-SG\", \"ESX400-201404401-SG\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201101201-SG\",\n patch_updates : make_list(\"ESX40-TO-ESX41UPDATE01\", \"ESX410-201104401-SG\", \"ESX410-201110201-SG\", \"ESX410-201201401-SG\", \"ESX410-201204401-SG\", \"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", 
\"ESX410-201404401-SG\", \"ESX410-Update01\", \"ESX410-Update02\", \"ESX410-Update03\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.0\",\n patch : \"ESXi400-201103401-SG\",\n patch_updates : make_list(\"ESXi400-201104401-SG\", \"ESXi400-201110401-SG\", \"ESXi400-201203401-SG\", \"ESXi400-201205401-SG\", \"ESXi400-201206401-SG\", \"ESXi400-201209401-SG\", \"ESXi400-201302401-SG\", \"ESXi400-201305401-SG\", \"ESXi400-201310401-SG\", \"ESXi400-201404401-SG\", \"ESXi400-Update03\", \"ESXi400-Update04\")\n )\n) flag++;\n\nif (\n esx_check(\n ver : \"ESXi 4.1\",\n patch : \"ESXi410-201101201-SG\",\n patch_updates : make_list(\"ESXi410-201104401-SG\", \"ESXi410-201110201-SG\", \"ESXi410-201201401-SG\", \"ESXi410-201204401-SG\", \"ESXi410-201205401-SG\", \"ESXi410-201206401-SG\", \"ESXi410-201208101-SG\", \"ESXi410-201211401-SG\", \"ESXi410-201301401-SG\", \"ESXi410-201304401-SG\", \"ESXi410-201307401-SG\", \"ESXi410-201312401-SG\", \"ESXi410-201404401-SG\", \"ESXi410-Update01\", \"ESXi410-Update02\", \"ESXi410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:25:10", "description": "The version of HP Systems Insight Manager installed on the remote Windows host is affected by vulnerabilities in the following components :\n\n - TLS and SSL protocols\n - Apache Tomcat\n - Java\n - Flash Player\n - BlazeDS/GraniteDS\n - Adobe LiveCycle\n - Adobe Flex SDK\n - Systems Insight Manager", "cvss3": {}, "published": "2012-06-15T00:00:00", "type": "nessus", "title": "HP Systems Insight Manager < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555", "CVE-2010-2227", "CVE-2010-4470", "CVE-2010-4476", "CVE-2011-0611", "CVE-2011-0786", "CVE-2011-0788", "CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0815", "CVE-2011-0817", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0864", "CVE-2011-0865", "CVE-2011-0866", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0872", "CVE-2011-0873", "CVE-2011-2092", "CVE-2011-2093", "CVE-2011-2130", "CVE-2011-2134", "CVE-2011-2135", "CVE-2011-2136", "CVE-2011-2137", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2140", "CVE-2011-2414", "CVE-2011-2415", "CVE-2011-2416", "CVE-2011-2417", "CVE-2011-2425", "CVE-2011-2426", "CVE-2011-2427", "CVE-2011-2428", "CVE-2011-2429", "CVE-2011-2430", "CVE-2011-2444", "CVE-2011-2445", "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452", "CVE-2011-2453", "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456", "CVE-2011-2457", "CVE-2011-2458", "CVE-2011-2459", "CVE-2011-2460", "CVE-2011-2461", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3558", "CVE-2012-1995", "CVE-2012-1996", "CVE-2012-1997", "CVE-2012-1998", "CVE-2012-1999"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/a:hp:systems_insight_manager"], "id": "HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/59684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59684);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2009-3555\",\n \"CVE-2010-2227\",\n 
\"CVE-2010-4470\",\n \"CVE-2010-4476\",\n \"CVE-2011-0611\",\n \"CVE-2011-0786\",\n \"CVE-2011-0788\",\n \"CVE-2011-0802\",\n \"CVE-2011-0814\",\n \"CVE-2011-0815\",\n \"CVE-2011-0817\",\n \"CVE-2011-0862\",\n \"CVE-2011-0863\",\n \"CVE-2011-0864\",\n \"CVE-2011-0865\",\n \"CVE-2011-0866\",\n \"CVE-2011-0867\",\n \"CVE-2011-0868\",\n \"CVE-2011-0869\",\n \"CVE-2011-0871\",\n \"CVE-2011-0872\",\n \"CVE-2011-0873\",\n \"CVE-2011-2092\",\n \"CVE-2011-2093\",\n \"CVE-2011-2130\",\n \"CVE-2011-2134\",\n \"CVE-2011-2135\",\n \"CVE-2011-2136\",\n \"CVE-2011-2137\",\n \"CVE-2011-2138\",\n \"CVE-2011-2139\",\n \"CVE-2011-2140\",\n \"CVE-2011-2414\",\n \"CVE-2011-2415\",\n \"CVE-2011-2416\",\n \"CVE-2011-2417\",\n \"CVE-2011-2425\",\n \"CVE-2011-2426\",\n \"CVE-2011-2427\",\n \"CVE-2011-2428\",\n \"CVE-2011-2429\",\n \"CVE-2011-2430\",\n \"CVE-2011-2444\",\n \"CVE-2011-2445\",\n \"CVE-2011-2450\",\n \"CVE-2011-2451\",\n \"CVE-2011-2452\",\n \"CVE-2011-2453\",\n \"CVE-2011-2454\",\n \"CVE-2011-2455\",\n \"CVE-2011-2456\",\n \"CVE-2011-2457\",\n \"CVE-2011-2458\",\n \"CVE-2011-2459\",\n \"CVE-2011-2460\",\n \"CVE-2011-2461\",\n \"CVE-2011-3556\",\n \"CVE-2011-3557\",\n \"CVE-2011-3558\",\n \"CVE-2012-1995\",\n \"CVE-2012-1996\",\n \"CVE-2012-1997\",\n \"CVE-2012-1998\",\n \"CVE-2012-1999\"\n );\n script_bugtraq_id(\n 36935,\n 41544,\n 42817,\n 46091,\n 46387,\n 47314,\n 48133,\n 48134,\n 48135,\n 48136,\n 48137,\n 48138,\n 48139,\n 48140,\n 48141,\n 48142,\n 48143,\n 48144,\n 48145,\n 48146,\n 48147,\n 48148,\n 48149,\n 48267,\n 48279,\n 49073,\n 49074,\n 49075,\n 49076,\n 49077,\n 49079,\n 49080,\n 49081,\n 49082,\n 49083,\n 49084,\n 49085,\n 49086,\n 49710,\n 49714,\n 49715,\n 49716,\n 49717,\n 49718,\n 50618,\n 50619,\n 50620,\n 50621,\n 50622,\n 50623,\n 50624,\n 50625,\n 50626,\n 50627,\n 50628,\n 50629,\n 50869,\n 53315\n );\n script_xref(name:\"HP\", value:\"HPSBMU02769\");\n script_xref(name:\"HP\", value:\"SSRT100846\");\n script_xref(name:\"HP\", 
value:\"SSRT100093\");\n script_xref(name:\"HP\", value:\"SSRT090028\");\n script_xref(name:\"HP\", value:\"SSRT100110\");\n script_xref(name:\"HP\", value:\"SSRT100373\");\n script_xref(name:\"HP\", value:\"SSRT100426\");\n script_xref(name:\"HP\", value:\"SSRT100514\");\n script_xref(name:\"HP\", value:\"SSRT100562\");\n script_xref(name:\"HP\", value:\"SSRT100639\");\n script_xref(name:\"HP\", value:\"SSRT100702\");\n script_xref(name:\"HP\", value:\"SSRT100819\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"HP Systems Insight Manager < 7.0 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains software that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Systems Insight Manager installed on the remote\nWindows host is affected by vulnerabilities in the following\ncomponents :\n\n - TLS and SSL protocols\n - Apache Tomcat\n - Java\n - Flash Player\n - BlazeDS/GraniteDS\n - Adobe LiveCycle\n - Adobe Flex SDK\n - Systems Insight Manager\");\n # http://web.archive.org/web/20120701193341/http://h20000.www2.hp.com:80/bizsupport/TechSupport/Document.jsp?objectID=c03298151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72e42ec4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP Systems Insight Manager 7.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2460\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", 
value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java RMI Server Insecure Default Configuration Java Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:systems_insight_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_systems_insight_manager_installed.nasl\");\n script_require_keys(\"installed_sw/HP Systems Insight Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"HP Systems Insight Manager\";\nget_install_count(app_name:app_name, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app_name);\npath = install['path'];\nversion = install['version'];\n\nif (version =~ '^(([A-Z]\\\\.)?0[0-5]\\\\.|([A-C]\\\\.)?0[0-6]\\\\.[0-9\\\\.]+)')\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : C.07.00.00.00' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "tomcat": 
[{"lastseen": "2021-12-30T15:23:05", "description": "**Low: SecurityManager file permission bypass** [CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>)\n\nWhen running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments.\n\nThis was fixed in [revision 1027610](<https://svn.apache.org/viewvc?view=rev&rev=1027610>).\n\nThis was discovered by the Tomcat security team on 12 Oct 2010 and made public on 5 Feb 2011.\n\nAffects: 5.5.0-5.5.29\n\n**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. 
This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 959428](<https://svn.apache.org/viewvc?view=rev&rev=959428>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 5.5.0-5.5.29\n\n**Low: Information disclosure in authentication headers** [CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>)\n\nThe `WWW-Authenticate` HTTP header for BASIC and DIGEST authentication includes a realm name. If a `<realm-name>` element is specified for the application in web.xml it will be used. However, if a `<realm-name>` is not specified then Tomcat will generate the realm name using the code snippet `request.getServerName() + \":\" + request.getServerPort()`. In some circumstances this can expose the local host name or IP address of the machine running Tomcat. \n\nThis was fixed in [revision 936541](<https://svn.apache.org/viewvc?view=rev&rev=936541>).\n\nThis was first reported to the Tomcat security team on 31 Dec 2009 and made public on 21 Apr 2010.\n\nAffects: 5.5.0-5.5.29", "cvss3": {}, "published": "2010-07-09T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 5.5.30", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2010-07-09T00:00:00", "id": "TOMCAT:4659DEAC38E318C13712A886F48A7052", "href": 
"https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 958977](<https://svn.apache.org/viewvc?view=rev&rev=958977>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 6.0.0-6.0.27\n\n**Note:** _The issue below was fixed in Apache Tomcat 6.0.27 but the release vote for the 6.0.27 release candidate did not pass. Therefore, although users must download 6.0.28 to obtain a version that includes a fix for this issue, version 6.0.27 is not included in the list of affected versions._\n\n**Low: Information disclosure in authentication headers** [CVE-2010-1157](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157>)\n\nThe `WWW-Authenticate` HTTP header for BASIC and DIGEST authentication includes a realm name. If a `<realm-name>` element is specified for the application in web.xml it will be used. However, if a `<realm-name>` is not specified then Tomcat will generate the realm name using the code snippet `request.getServerName() + \":\" + request.getServerPort()`. In some circumstances this can expose the local host name or IP address of the machine running Tomcat. 
\n\nThis was fixed in [revision 936540](<https://svn.apache.org/viewvc?view=rev&rev=936540>).\n\nThis was first reported to the Tomcat security team on 31 Dec 2009 and made public on 21 Apr 2010.\n\nAffects: 6.0.0-6.0.26", "cvss3": {}, "published": "2010-07-09T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.28", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-07-09T00:00:00", "id": "TOMCAT:CD22C348F4620666ACC68ACA6AF1EB98", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "_Note: The issue below was fixed in Apache Tomcat 7.0.1 but the release vote for the 7.0.1 release candidate did not pass. Therefore, although users must download 7.0.2 to obtain a version that includes a fix for this issue, version 7.0.2 is not included in the list of affected versions._\n\n**Important: Remote Denial Of Service and Information Disclosure Vulnerability** [CVE-2010-2227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227>)\n\nSeveral flaws in the handling of the 'Transfer-Encoding' header were found that prevented the recycling of a buffer. A remote attacker could trigger this flaw which would cause subsequent requests to fail and/or information to leak between requests. 
This flaw is mitigated if Tomcat is behind a reverse proxy (such as Apache httpd 2.2) as the proxy should reject the invalid transfer encoding header.\n\nThis was fixed in [revision 958911](<https://svn.apache.org/viewvc?view=rev&rev=958911>).\n\nThis was first reported to the Tomcat security team on 14 Jun 2010 and made public on 9 Jul 2010.\n\nAffects: 7.0.0", "cvss3": {}, "published": "2010-08-11T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2010-08-11T00:00:00", "id": "TOMCAT:1588F78F09C29F9BFC123F6CFF7D5AA9", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.2", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Low: SecurityManager file permission bypass** [CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>)\n\nWhen running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. 
Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments.\n\nThis was fixed in [revision 1022134](<https://svn.apache.org/viewvc?view=rev&rev=1022134>).\n\nThis was discovered by the Tomcat security team on 12 Oct 2010 and made public on 5 Feb 2011.\n\nAffects: 7.0.0-7.0.3", "cvss3": {}, "published": "2010-10-21T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 7.0.4", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.2, "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718"], "modified": "2010-10-21T00:00:00", "id": "TOMCAT:3FAC6BB614BBE0076581BA0B6BB749B1", "href": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.4", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-30T15:23:03", "description": "**Low: Cross-site scripting** [CVE-2011-0013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013>)\n\nThe HTML Manager interface displayed web application provided data, such as display names, without filtering. 
A malicious web application could trigger script execution by an administrative user when viewing the manager pages.\n\nThis was fixed in [revision 1057270](<https://svn.apache.org/viewvc?view=rev&rev=1057270>).\n\nThis was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.\n\nAffects: 6.0.0-6.0.29\n\n**Moderate: Cross-site scripting** [CVE-2010-4172](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172>)\n\nThe Manager application used the user provided parameters sort and orderBy directly without filtering thereby permitting cross-site scripting.\n\nThis was fixed in [revision 1037779](<https://svn.apache.org/viewvc?view=rev&rev=1037779>).\n\nThis was first reported to the Tomcat security team on 15 Nov 2010 and made public on 22 Nov 2010.\n\nAffects: 6.0.12-6.0.29\n\n**Low: SecurityManager file permission bypass** [CVE-2010-3718](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718>)\n\nWhen running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. 
This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments.\n\nThis was fixed in [revision 1022560](<https://svn.apache.org/viewvc?view=rev&rev=1022560>).\n\nThis was discovered by the Tomcat security team on 12 Oct 2010 and made public on 5 Feb 2011.\n\nAffects: 6.0.0-6.0.29", "cvss3": {}, "published": "2011-01-13T00:00:00", "type": "tomcat", "title": "Fixed in Apache Tomcat 6.0.30", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "modified": "2011-01-13T00:00:00", "id": "TOMCAT:821F7BD89AAB59FFA98BF04DB2CB99B2", "href": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-21T04:45:25", "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies, Microsoft .NET, PHP,\nand CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding header\nin HTTP requests. A specially-crafted HTTP request could prevent JBoss Web\nfrom sending replies, or cause JBoss Web to return truncated replies, or\nreplies containing data related to the requests of other users, for all\nsubsequent HTTP requests. 
(CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web generated\nHTTP BASIC and DIGEST authentication requests. For configurations where a\nrealm name was not specified and JBoss Web was accessed via a proxy, the\ndefault generated realm contained the hostname and port used by the proxy\nto send requests to the JBoss Web server. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which upgrades\nJBoss Web to version 2.0.0.CP14, and resolves these issues. The JBoss\nserver process must be restarted for this update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0584) Important: jbossweb security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2016-04-04T14:31:15", "id": "RHSA-2010:0584", "href": "https://access.redhat.com/errata/RHSA-2010:0584", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:46:11", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. 
(CVE-2010-2227)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. Tomcat must be restarted for this\nupdate to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0581) Important: tomcat5 and tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2016-04-04T14:31:38", "id": "RHSA-2010:0581", "href": "https://access.redhat.com/errata/RHSA-2010:0581", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:56", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nUsers of Tomcat should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. 
Tomcat must be restarted for this\nupdate to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0583) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2227"], "modified": "2019-03-22T19:44:23", "id": "RHSA-2010:0583", "href": "https://access.redhat.com/errata/RHSA-2010:0583", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T20:35:37", "description": "JBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications.\n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release\nserves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes\na number of bug fixes. Refer to the Release Notes, linked in the\nReferences, for more information.\n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. (CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host's work directory. 
As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the '*' wildcard. An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. 
Note: This issue only\naffected the JBoss Enterprise Web Server packages on Red Hat Enterprise\nLinux 4. (CVE-2010-1623)\n\nAll users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to\nJBoss Enterprise Web Server 1.0.2, which corrects these issues. After\ninstalling this update, the relevant Apache Tomcat service (\"tomcat5\" or\n\"tomcat6\") and the Apache HTTP Server (\"httpd\") must be restarted for the\nupdate to take effect.\n", "cvss3": {}, "published": "2011-06-22T00:00:00", "type": "redhat", "title": "(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0419", "CVE-2012-4557"], "modified": "2018-06-06T22:42:41", "id": "RHSA-2011:0897", "href": "https://access.redhat.com/errata/RHSA-2011:0897", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:32", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. 
(CVE-2010-2227)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0582) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2693", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2019-03-22T19:44:08", "id": "RHSA-2010:0582", "href": "https://access.redhat.com/errata/RHSA-2010:0582", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-19T18:40:10", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. 
(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Tomcat. If a remote attacker could\ntrick a user who is logged into the Manager application into visiting a\nspecially-crafted URL, the attacker could perform Manager application tasks\nwith the privileges of the logged in user. (CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nThis update also fixes the following bugs:\n\n* A bug in the \"tomcat6\" init script prevented additional Tomcat instances\nfrom starting. As well, running \"service tomcat6 start\" caused\nconfiguration options applied from \"/etc/sysconfig/tomcat6\" to be\noverwritten with those from \"/etc/tomcat6/tomcat6.conf\". With this update,\nmultiple instances of Tomcat run as expected. (BZ#636997)\n\n* The \"/usr/share/java/\" directory was missing a symbolic link to the\n\"/usr/share/tomcat6/bin/tomcat-juli.jar\" library. Because this library was\nmandatory for certain operations (such as running the Jasper JSP\nprecompiler), the \"build-jar-repository\" command was unable to compose a\nvalid classpath. With this update, the missing symbolic link has been\nadded. (BZ#661244)\n\n* Previously, the \"tomcat6\" init script failed to start Tomcat with a \"This\naccount is currently not available.\" message when Tomcat was configured to\nrun under a user that did not have a valid shell configured as a login\nshell. This update modifies the init script to work correctly regardless of\nthe daemon user's login shell. Additionally, these new tomcat6 packages now\nset \"/sbin/nologin\" as the login shell for the \"tomcat\" user upon\ninstallation, as recommended by deployment best practices. 
(BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for the\n\"tomcat\" group, which could cause certain applications to fail with errors\nsuch as \"No output folder\". This update adds write permissions for the\n\"tomcat\" group to the affected directories. (BZ#643809)\n\n* The \"/usr/sbin/tomcat6\" wrapper script used a hard-coded path to the\n\"catalina.out\" file, which may have caused problems (such as for logging\ninit script output) if Tomcat was being run with a user other than \"tomcat\"\nand with CATALINA_BASE set to a directory other than the default.\n(BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged to\n\"catalina.out\" when certain web applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2011-05-19T00:00:00", "type": "redhat", "title": "(RHSA-2011:0791) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "modified": "2018-06-06T16:24:35", "id": "RHSA-2011:0791", "href": "https://access.redhat.com/errata/RHSA-2011:0791", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T04:42:09", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) 
technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThe Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\nstated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\nin the examples calendar application. With some web browsers, remote\nattackers could use this flaw to inject arbitrary web script or HTML via\nthe \"time\" parameter. (CVE-2009-2696)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host's work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2010-08-02T00:00:00", "type": "redhat", "title": "(RHSA-2010:0580) Important: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227"], "modified": "2017-09-08T07:58:31", "id": "RHSA-2010:0580", "href": "https://access.redhat.com/errata/RHSA-2010:0580", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:45:02", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. A malicious web\napplication could use this flaw to conduct an XSS attack, leading to\narbitrary web script execution with the privileges of victims who are\nlogged into and viewing Manager application web pages. (CVE-2011-0013)\n\nMultiple flaws were found in the way Tomcat handled HTTP DIGEST\nauthentication. 
These flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184)\n\nA flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\noccurred when creating a new user with a JMX client, that user's password\nwas logged to Tomcat log files. Note: By default, only administrators have\naccess to such log files. (CVE-2011-2204)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "cvss3": {}, "published": "2011-12-20T00:00:00", "type": "redhat", "title": "(RHSA-2011:1845) Moderate: tomcat5 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3718", "CVE-2011-0013", "CVE-2011-1184", "CVE-2011-2204", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064"], "modified": "2017-09-08T07:49:30", "id": "RHSA-2011:1845", "href": "https://access.redhat.com/errata/RHSA-2011:1845", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2018-01-22T13:05:50", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", 
"CVE-2009-2902"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310831151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. 
(dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831151\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:26", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:831151", "href": "http://plugins.openvas.org/nasl.php?oid=831151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. 
(dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_id(831151);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:59", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16270", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": 
"2017-12-13T00:00:00", "id": "OPENVAS:862502", "href": "http://plugins.openvas.org/nasl.php?oid=862502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\");\n script_id(862502);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16270\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16270\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:42", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-25T00:00:00", "id": "OPENVAS:862627", "href": "http://plugins.openvas.org/nasl.php?oid=862627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\");\n script_id(862627);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16528\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16528\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-976-1", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-976-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840485", "href": "http://plugins.openvas.org/nasl.php?oid=840485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_976_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-976-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding\n headers. 
A remote attacker could send specially crafted requests containing\n invalid headers to the server and cause a denial of service, or possibly\n obtain sensitive information from other requests.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-976-1\";\ntag_affected = \"tomcat6 vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-976-1/\");\n script_id(840485);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"976-1\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-976-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.3\", 
rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:05:39", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-976-1", "cvss3": {}, "published": "2010-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-976-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310840485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_976_1.nasl 8485 2018-01-22 07:57:57Z teissa $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-976-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding\n headers. A remote attacker could send specially crafted requests containing\n invalid headers to the server and cause a denial of service, or possibly\n obtain sensitive information from other requests.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-976-1\";\ntag_affected = \"tomcat6 vulnerability on Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-976-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840485\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-30 16:59:25 +0200 (Mon, 30 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"976-1\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-976-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", 
ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.18-0ubuntu6.3\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:06", "description": "Apache Tomcat is prone to multiple remote vulnerabilities including\n information-disclosure and denial-of-service issues.", "cvss3": {}, "published": "2010-07-13T00:00:00", "type": "openvas", "title": "Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310100712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100712\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-07-13 12:45:31 +0200 (Tue, 13 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_bugtraq_id(41544);\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/41544\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n 
script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/512272\");\n\n script_tag(name:\"solution\", value:\"The vendor released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to multiple remote vulnerabilities including\n information-disclosure and denial-of-service issues.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit these issues to cause denial-of-service\n conditions or gain access to potentially sensitive information,\n information obtained may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 to 5.5.29 Tomcat 6.0.0 to 6.0.27 Tomcat 7.0.0\n\n Tomcat 3.x, 4.x, and 5.0.x may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.27\" ) ||\n version_is_equal( version:vers, test_version:\"7.0.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.28/7.0.1\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2018-01-02T10:54:51", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16270", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:1361412562310862502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16270\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050214.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862502\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16270\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16270\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~11.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-25T10:55:23", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2227"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:1361412562310862627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862627", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050840.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862627\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16528\");\n script_cve_id(\"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16528\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~14.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:53", "description": "This host is running Apache Tomcat and is prone to security bypass\n vulnerability.", "cvss3": {}, "published": "2013-11-27T00:00:00", "type": "openvas", "title": "Apache Tomcat SecurityManager Security Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3718"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310803781", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803781", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat SecurityManager Security Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# 
but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803781\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2010-3718\");\n script_bugtraq_id(46177);\n script_tag(name:\"cvss_base\", value:\"1.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-11-27 15:51:40 +0530 (Wed, 27 Nov 2013)\");\n script_name(\"Apache Tomcat SecurityManager Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/65159\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1025025\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to security bypass\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apache Tomcat version to 5.5.30, 6.0.30, 7.0.4 or later.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the ServletContext attribute being improperly restricted\n to read-only 
setting.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 5.5.x before 5.5.30\n Apache Tomcat version 6.0.x before 6.0.30\n Apache Tomcat version 7.0.x before 7.0.4\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to bypass certain\n authentication and obtain sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.3\" ) ||\n version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.29\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.30/7.0.4\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:10:02", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-05-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2017-02-10T00:00:00", "id": "OPENVAS:67355", "href": "http://plugins.openvas.org/nasl.php?oid=67355", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# 
Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67355);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:12", "description": "This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.", "cvss3": {}, "published": "2010-04-29T00:00:00", "type": "openvas", "title": "Apache Tomcat Security bypass vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310901114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901114", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security bypass vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901114\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 10:04:32 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-1157\");\n script_bugtraq_id(39635);\n script_name(\"Apache Tomcat Security bypass vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", 
value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP address\n of the Tomcat server. Information harvested may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 5.5.0 to 5.5.29\n Apache Tomcat version 6.0.0 to 6.0.26.\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for\n 'BASIC' and 'DIGEST' authentication that might allow remote attackers to\n discover the server's hostname or IP address by sending a request for a resource.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later.\");\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-17T11:05:54", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2010-05-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: tomcat", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:136141256231067355", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067355", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67355\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:10", "description": "Apache Tomcat is prone to a remote information-disclosure\n vulnerability.", "cvss3": {}, "published": "2010-04-23T00:00:00", "type": "openvas", "title": "Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1157"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310100598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\n#\n# Authors:\n# Michael 
Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100598\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(39635);\n script_cve_id(\"CVE-2010-1157\");\n script_name(\"Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/39635\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", 
value:\"http://tomcat.apache.org/security-6.html\");\n\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936540\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936541\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a remote information-disclosure\n vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP\n address of the Tomcat server. Information harvested may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26\n\n Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:55:35", "description": "Check for the Version of Apache Running Tomcat Servlet Engine", "cvss3": {}, "published": "2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835243", "href": "http://plugins.openvas.org/nasl.php?oid=835243", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote information disclosure\";\ntag_affected = \"Apache Running Tomcat Servlet Engine on\n HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX Apache \n Running Tomcat Servlet Engine. These vulnerabilities could be exploited \n remotely to disclose information, allows unauthorized modification, or \n create a Denial of Service (DoS). The Tomcat-based Servlet Engine is \n contained in the HP-UX Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_id(835243);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n\n script_summary(\"Check for the Version of Apache Running Tomcat Servlet Engine\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone 
Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "modified": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310835243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835243", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02579.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835243\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"HPSBUX\", value:\"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23)\");\n\n script_tag(name:\"impact\", value:\"Remote information disclosure\");\n\n script_tag(name:\"affected\", value:\"Apache Running Tomcat Servlet Engine on HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or\n earlier\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified with HP-UX Apache\n Running Tomcat Servlet Engine. These vulnerabilities could be exploited\n remotely to disclose information, allows unauthorized modification, or\n create a Denial of Service (DoS). 
The Tomcat-based Servlet Engine is\n contained in the HP-UX Apache Web Server Suite.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:40:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-02-22T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2010-3718"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310831333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of 
the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-02/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831333\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-22 06:09:45 +0100 (Tue, 22 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"MDVSA\", value:\"2011:030\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2010\\.0|2009\\.0)\");\n script_tag(name:\"affected\", value:\"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 
2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found and corrected in tomcat5:\n\n When running under a SecurityManager, access to the file system is\n limited but web applications are granted read/write permissions to\n the work directory. This directory is used for a variety of temporary\n files such as the intermediate files generated when compiling JSPs\n to Servlets. The location of the work directory is specified by\n a ServletContext attribute that is meant to be read-only to web\n applications. However, due to a coding error, the read-only setting\n was not applied. Therefore, a malicious web application may modify\n the attribute before Tomcat applies the file permissions. This can be\n used to grant read/write permissions to any area on the file system\n which a malicious web application may then take advantage of. This\n vulnerability is only applicable when hosting web applications from\n untrusted sources such as shared hosting environments (CVE-2010-3718).\n\n The HTML Manager interface displayed web application provided data,\n such as display names, without filtering. A malicious web application\n could trigger script execution by an administrative user when viewing\n the manager pages (CVE-2011-0013).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. 
The updated packages have been patched to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:55:33", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-02-22T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2010-3718"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831333", "href": "http://plugins.openvas.org/nasl.php?oid=831333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n When running under a SecurityManager, access to the file system is\n limited but web applications are granted read/write permissions to\n the work directory. This directory is used for a variety of temporary\n files such as the intermediate files generated when compiling JSPs\n to Servlets. 
The location of the work directory is specified by\n a ServletContext attribute that is meant to be read-only to web\n applications. However, due to a coding error, the read-only setting\n was not applied. Therefore, a malicious web application may modify\n the attribute before Tomcat applies the file permissions. This can be\n used to grant read/write permissions to any area on the file system\n which a malicious web application may then take advantage of. This\n vulnerability is only applicable when hosting web applications from\n untrusted sources such as shared hosting environments (CVE-2010-3718).\n \n The HTML Manager interface displayed web application provided data,\n such as display names, without filtering. A malicious web application\n could trigger script execution by an administrative user when viewing\n the manager pages (CVE-2011-0013).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-02/msg00012.php\");\n script_id(831333);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-22 06:09:45 +0100 (Tue, 22 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n 
script_xref(name: \"MDVSA\", value: \"2011:030\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", 
rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", 
rpm:\"tomcat5-jasper~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.28~0.5.0.2mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", 
rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:37", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69417", "href": "http://plugins.openvas.org/nasl.php?oid=69417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at\nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. 
tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\";\n\n\nif(description)\n{\n script_id(69417);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "cvss3": {}, "published": "2011-05-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069417", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069417", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 14275 
2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69417\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\");\n script_tag(name:\"insight\", value:\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat5.5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-12-15T11:57:50", 
"description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16248", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2010-2227"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:862500", "href": "http://plugins.openvas.org/nasl.php?oid=862500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\");\n script_id(862500);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16248\");\n script_cve_id(\"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16248\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:26", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2010-16248", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2010-2227"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:1361412562310862500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2010-16248\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050207.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862500\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16248\");\n script_cve_id(\"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2010-2227\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2010-16248\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~3.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:54", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2160-1.", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2160-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231068994", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068994", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2160_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2160-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68994\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_name(\"Debian Security Advisory DSA 2160-1 (tomcat6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202160-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Tomcat Servlet and JSP\nengine:\n\nCVE-2010-3718\n\nIt was discovered that the SecurityManager insufficiently\nrestricted the working directory.\n\nCVE-2011-0013\n\nIt was discovered that the HTML manager interface is affected\nby cross-site scripting.\n\nCVE-2011-0534\n\nIt was discovered that NIO connector performs insufficient\nvalidation of the HTTP headers, which could lead to denial\nof service.\n\nThe oldstable distribution (lenny) is not affected by these issues.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.28-9+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.28-10.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2160-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"5-java\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"5-java-doc\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-06T13:07:27", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:0791-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:870626", "href": "http://plugins.openvas.org/nasl.php?oid=870626", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:0791-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Tomcat. If a remote attacker could\n trick a user who is logged into the Manager application into visiting a\n specially-crafted URL, the attacker could perform Manager application tasks\n with the privileges of the logged in user. (CVE-2010-4172)\n\n A second cross-site scripting (XSS) flaw was found in the Manager\n application. A malicious web application could use this flaw to conduct an\n XSS attack, leading to arbitrary web script execution with the privileges\n of victims who are logged into and viewing Manager application web pages.\n (CVE-2011-0013)\n\n This update also fixes the following bugs:\n\n * A bug in the "tomcat6" init script prevented additional Tomcat instances\n from starting. As well, running "service tomcat6 start" caused\n configuration options applied from "/etc/sysconfig/tomcat6" to be\n overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,\n multiple instances of Tomcat run as expected. 
(BZ#636997)\n\n * The "/usr/share/java/" directory was missing a symbolic link to the\n "/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was\n mandatory for certain operations (such as running the Jasper JSP\n precompiler), the "build-jar-repository" command was unable to compose a\n valid classpath. With this update, the missing symbolic link has been\n added. (BZ#661244)\n\n * Previously, the "tomcat6" init script failed to start Tomcat with a "This\n account is currently not available." message when Tomcat was configured to\n run under a user that did not have a valid shell configured as a login\n shell. This update modifies the init script to work correctly regardless of\n the daemon user's login shell. Additionally, these new tomcat6 packages now\n set "/sbin/nologin" as the login shell for the "tomcat" user upon\n installation, as recommended by deployment best practices. (BZ#678671 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00026.html\");\n script_id(870626);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:35:19 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:0791-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:0791-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", 
rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:48", "description": "The remote host is missing an update to tomcat6\nannounced via advisory DSA 2160-1.", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2160-1 (tomcat6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:68994", "href": "http://plugins.openvas.org/nasl.php?oid=68994", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2160_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2160-1 (tomcat6)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in the Tomcat Servlet and JSP\nengine:\n\nCVE-2010-3718\n\nIt was discovered that the SecurityManager insufficiently\nrestricted the working directory.\n\nCVE-2011-0013\n\nIt was discovered that the HTML manager interface is affected\nby cross-site scripting.\n\nCVE-2011-0534\n\nIt was discovered that NIO connector performs insufficient\nvalidation of the HTTP headers, which could lead to denial\nof service.\n\nThe oldstable distribution (lenny) is not affected by these issues.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.28-9+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.28-10.\n\nWe recommend that you upgrade your tomcat6 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat6\nannounced via advisory DSA 2160-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202160-1\";\n\n\nif(description)\n{\n script_id(68994);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_name(\"Debian Security Advisory DSA 2160-1 (tomcat6)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"5-java\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"5-java-doc\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-9+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:50", "description": "The remote host is missing an update for the ", 
"cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:0791-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870626", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:0791-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870626\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:35:19 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:0791-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:0791-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Tomcat. If a remote attacker could\n trick a user who is logged into the Manager application into visiting a\n specially-crafted URL, the attacker could perform Manager application tasks\n with the privileges of the logged in user. (CVE-2010-4172)\n\n A second cross-site scripting (XSS) flaw was found in the Manager\n application. A malicious web application could use this flaw to conduct an\n XSS attack, leading to arbitrary web script execution with the privileges\n of victims who are logged into and viewing Manager application web pages.\n (CVE-2011-0013)\n\n This update also fixes the following bugs:\n\n * A bug in the 'tomcat6' init script prevented additional Tomcat instances\n from starting. As well, running 'service tomcat6 start' caused\n configuration options applied from '/etc/sysconfig/tomcat6' to be\n overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update,\n multiple instances of Tomcat run as expected. (BZ#636997)\n\n * The '/usr/share/java/' directory was missing a symbolic link to the\n '/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library was\n mandatory for certain operations (such as running the Jasper JSP\n precompiler), the 'build-jar-repository' command was unable to compose a\n valid classpath. 
With this update, the missing symbolic link has been\n added. (BZ#661244)\n\n * Previously, the 'tomcat6' init script failed to start Tomcat with a 'This\n account is currently not available.' message when Tomcat was configured to\n run under a user that did not have a valid shell configured as a login\n shell. This update modifies the init script to work correctly regardless of\n the daemon user's login shell. Additionally, these new tomcat6 packages now\n set '/sbin/nologin' as the login shell for the 'tomcat' user upon\n installation, as recommended by deployment best practices. (BZ#678671 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T19:00:42", "description": "Oracle Linux 
Local Security Checks ELSA-2011-0791", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0791", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122163", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122163\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:06 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0791\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0791 - tomcat6 security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0791\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0791.html\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n 
exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:27:23", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1097-1", "cvss3": {}, "published": "2011-04-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerabilities USN-1097-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840622", "href": "http://plugins.openvas.org/nasl.php?oid=840622", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1097_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for tomcat6 vulnerabilities USN-1097-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the Tomcat SecurityManager did not properly restrict\n the working directory. An attacker could use this flaw to read or write\n files outside of the intended working directory. (CVE-2010-3718)\n\n It was discovered that Tomcat did not properly escape certain parameters in\n the Manager application which could result in browsers becoming vulnerable\n to cross-site scripting attacks when processing the output. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing server\n output during a crafted server request, a remote attacker could exploit\n this to modify the contents, or steal confidential data (such as\n passwords), within the same domain. (CVE-2011-0013)\n \n It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize\n limit in certain configurations. A remote attacker could use this flaw to\n cause Tomcat to consume all available memory, resulting in a denial of\n service. 
(CVE-2011-0534)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1097-1\";\ntag_affected = \"tomcat6 vulnerabilities on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1097-1/\");\n script_id(840622);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1097-1\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_name(\"Ubuntu Update for tomcat6 vulnerabilities USN-1097-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", 
ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", 
ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:57", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1097-1", "cvss3": {}, "published": "2011-04-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerabilities USN-1097-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840622", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840622", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1097_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat6 vulnerabilities USN-1097-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1097-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840622\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-01 15:34:04 +0200 (Fri, 01 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1097-1\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-0534\");\n script_name(\"Ubuntu Update for tomcat6 vulnerabilities USN-1097-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1097-1\");\n script_tag(name:\"affected\", value:\"tomcat6 vulnerabilities on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat SecurityManager did not properly restrict\n the working directory. An attacker could use this flaw to read or write\n files outside of the intended working directory. 
(CVE-2010-3718)\n\n It was discovered that Tomcat did not properly escape certain parameters in\n the Manager application which could result in browsers becoming vulnerable\n to cross-site scripting attacks when processing the output. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing server\n output during a crafted server request, a remote attacker could exploit\n this to modify the contents, or steal confidential data (such as\n passwords), within the same domain. (CVE-2011-0013)\n\n It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize\n limit in certain configurations. A remote attacker could use this flaw to\n cause Tomcat to consume all available memory, resulting in a denial of\n service. (CVE-2011-0534)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.4\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-2ubuntu1.2\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-12-14T11:48:51", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", 
"CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:831148", "href": "http://plugins.openvas.org/nasl.php?oid=831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (") characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. 
NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via 
a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_id(831148);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", 
rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:41", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-09-14T00:00:00", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310831148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (") characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. 
(dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831148\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", 
rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-03-14T18:58:49", "description": "Oracle Linux Local Security Checks ELSA-2010-0580", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0580", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310122335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122335", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122335\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0580\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0580 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0580\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0580.html\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:51", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881059", "href": "http://plugins.openvas.org/nasl.php?oid=881059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\");\n script_id(881059);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:34:35 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1845\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:55:33", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": 
"2011-12-23T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2011:1845-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870525", "href": "http://plugins.openvas.org/nasl.php?oid=870525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:1845-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. 
(CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00043.html\");\n script_id(870525);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:52 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1845-01\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:1845-01\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": 
"2019-05-29T18:39:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881269\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2011:1845\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881059", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-December/018336.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881059\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:34:35 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2011:1845\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:56:18", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:881269", "href": "http://plugins.openvas.org/nasl.php?oid=881269", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n \n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n \n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n \n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n \n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-December/018337.html\");\n script_id(881269);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:14:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2011:1845\");\n script_name(\"CentOS Update for tomcat5 CESA-2011:1845 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", 
rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-02-21T00:59:55", "description": "The remote 
host is missing an update for the ", "cvss3": {}, "published": "2011-12-23T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2011:1845-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-0013", "CVE-2011-1184", "CVE-2010-3718"], "modified": "2020-02-19T00:00:00", "id": "OPENVAS:1361412562310870525", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870525", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2011:1845-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-December/msg00043.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870525\");\n script_version(\"2020-02-19T15:17:22+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-19 15:17:22 +0000 (Wed, 19 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-12-23 10:33:52 +0530 (Fri, 23 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:1845-01\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2011-0013\", \"CVE-2011-1184\", \"CVE-2011-2204\");\n script_name(\"RedHat Update for tomcat5 RHSA-2011:1845-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. 
As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Apache Tomcat. A malicious web\n application could use this flaw to conduct an XSS attack, leading to\n arbitrary web script execution with the privileges of victims who are\n logged into and viewing Manager application web pages. (CVE-2011-0013)\n\n Multiple flaws were found in the way Tomcat handled HTTP DIGEST\n authentication. These flaws weakened the Tomcat HTTP DIGEST authentication\n implementation, subjecting it to some of the weaknesses of HTTP BASIC\n authentication, for example, allowing remote attackers to perform session\n replay attacks. (CVE-2011-1184)\n\n A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception\n occurred when creating a new user with a JMX client, that user's password\n was logged to Tomcat log files. Note: By default, only administrators have\n access to such log files. (CVE-2011-2204)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.22.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880632\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. 
A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the 'time' parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Tomcat must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2018-01-02T10:54:35", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-21T00:00:00", "id": "OPENVAS:1361412562310870302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the 'time' parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870302\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:47", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2010-08-06T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2010:0580-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:870302", "href": "http://plugins.openvas.org/nasl.php?oid=870302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2010:0580-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. 
A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n\n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the "time" parameter. (CVE-2009-2696)\n\n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n\n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Tomcat must be restarted for\n this update to take effect.\";\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-August/msg00000.html\");\n script_id(870302);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0580-01\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"RedHat Update for tomcat5 RHSA-2010:0580-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2017-07-25T10:55:30", "description": "Check for the Version of tomcat5", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2010:0580 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2693", "CVE-2009-0781", "CVE-2010-2227", "CVE-2009-2696", "CVE-2009-2902"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880632", "href": "http://plugins.openvas.org/nasl.php?oid=880632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way Tomcat handled the Transfer-Encoding header in\n HTTP requests. 
A specially-crafted HTTP request could prevent Tomcat from\n sending replies, or cause Tomcat to return truncated replies, or replies\n containing data related to the requests of other users, for all subsequent\n HTTP requests. (CVE-2010-2227)\n \n The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text\n stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw\n in the examples calendar application. With some web browsers, remote\n attackers could use this flaw to inject arbitrary web script or HTML via\n the "time" parameter. (CVE-2009-2696)\n \n Two directory traversal flaws were found in the Tomcat deployment process.\n A specially-crafted WAR file could, when deployed, cause a file to be\n created outside of the web root into any directory writable by the Tomcat\n user, or could lead to the deletion of files in the Tomcat host's work\n directory. (CVE-2009-2693, CVE-2009-2902)\n \n Users of Tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Tomcat must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-August/016859.html\");\n script_id(880632);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0580\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2696\", \"CVE-2009-2902\", \"CVE-2010-2227\", \"CVE-2009-0781\");\n script_name(\"CentOS Update for tomcat5 CESA-2010:0580 centos5 i386\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.9.el5_5\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.9.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:33", "description": "Check for the Version of tomcat6", "cvss3": {}, "published": 
"2011-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-13457", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718", "CVE-2011-3190"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863592", "href": "http://plugins.openvas.org/nasl.php?oid=863592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-13457\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. 
Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat6 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068453.html\");\n script_id(863592);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-13457\");\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-2526\", \"CVE-2011-2204\", \"CVE-2011-0534\",\n \"CVE-2011-0013\", \"CVE-2010-3718\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-13457\");\n\n script_summary(\"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~27.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2011-13457", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2204", "CVE-2011-2526", "CVE-2011-0013", "CVE-2011-0534", "CVE-2010-3718", "CVE-2011-3190"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2011-13457\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068453.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863592\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-13457\");\n script_cve_id(\"CVE-2011-3190\", \"CVE-2011-2526\", \"CVE-2011-2204\", \"CVE-2011-0534\",\n \"CVE-2011-0013\", \"CVE-2010-3718\");\n script_name(\"Fedora Update for tomcat6 FEDORA-2011-13457\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"tomcat6 on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.26~27.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:53", "description": "The remote host is missing an update for the Apache Web Server package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Web Server HPSBUX02645", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2010-4476", "CVE-2010-1623", "CVE-2010-3718", "CVE-2009-3720", "CVE-2009-3560"], "modified": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310835253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02645.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Apache Web Server HPSBUX02645\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02752210\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835253\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-05 07:14:22 +0200 (Thu, 05 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"HPSBUX\", value:\"02645\");\n script_cve_id(\"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2010-1623\", \"CVE-2010-3718\", \"CVE-2010-4476\", \"CVE-2011-0013\");\n script_name(\"HP-UX Update for Apache Web Server HPSBUX02645\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Apache Web Server package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23|11\\.11)\");\n\n script_tag(name:\"impact\", value:\"Remote information disclosure, cross-site scripting (XSS) or Denial of Service (DoS).\");\n\n script_tag(name:\"affected\", value:\"Apache Web Server on HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.14 or\n earlier HP-UX B.11.11, B.11.23, B.11.31 running HP-UX Apache Web Server\n Suite v2.32 or 
earlier\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified with HP-UX Apache\n Web Server. These vulnerabilities could be exploited remotely to disclose\n information, allow cross-site scripting (XSS), or create a Denial of Service\n (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web\n Server Suite.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.64.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.04\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.2.15.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.04\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.64.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.04\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.2.15.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.04\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.64.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.04\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:55:30", "description": "Check for the Version of Apache Web Server", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache Web Server HPSBUX02645", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0013", "CVE-2010-4476", "CVE-2010-1623", "CVE-2010-3718", "CVE-2009-3720", "CVE-2009-3560"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835253", "href": "http://plugins.openvas.org/nasl.php?oid=835253", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Web Server HPSBUX02645\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote information disclosure\n cross-site scripting (XSS)\n or Denial of Service (DoS).\";\ntag_affected = \"Apache Web Server on\n HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.14 or \n earlier HP-UX B.11.11, B.11.23, B.11.31 running HP-UX Apache Web Server \n Suite v2.32 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX Apache \n Web Server. These vulnerabilities could be exploited remotely to disclose \n information, allow cross-site scripting (XSS), or create a Denial of Service \n (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web \n Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02752210\");\n script_id(835253);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\