Tenable8141.PASL

HistoryFeb 26, 2014 - 12:00 a.m.

Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities

2014-02-2600:00:00

Tenable

www.tenable.com

According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.39. It is, therefore, affected by the following vulnerabilities:

The version of Java used to build the application generates Javadoc containing a frame injection error. (CVE-2013-1571)
The fix for CVE-2005-2090 was not complete and the application does not reject requests with multiple Content-Length HTTP headers or with Content-Length HTTP headers when using chunked encoding. (CVE-2013-4286)
The fix for CVE-2012-3544 was not complete and limits are not properly applied to chunk extensions and whitespaces in certain trailing headers. This error allows denial of service attacks. (CVE-2013-4322)
The application allows XML External Entity (XXE) processing that discloses sensitive information. (CVE-2013-4590)
An error exists related to the ‘disableURLRewriting’ configuration option and session IDs. (CVE-2014-0033)

Note that Nessus Network Monitor has not tested for these issues but has instead relied only on the application’s self-reported version number.

Binary data 8141.pasl

VendorProductVersionCPE
apachetomcatcpe:/a:apache:tomcat

Vendor	Product	Version	CPE
apache	tomcat		cpe:/a:apache:tomcat

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571

tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39

tomcat 6

nessus 25

ibm 61

openvas 27

osv 8

debian 2

fedora 1

redhat 7

mageia 3

securityvulns 6

ubuntu 1

centos 1

seebug 5

amazon 1

debiancve 4

cve 7

ubuntucve 6

github 5

veracode 4

prion 6

oraclelinux 2

cert 1

f5 2

atlassian 2

checkpoint_advisories 2

vmware 2

gentoo 1

threatpost 1

tomcat

Fixed in Apache Tomcat 6.0.39

2014-01-31 00:00:00

Fixed in Apache Tomcat 7.0.50

2014-01-08 00:00:00

Fixed in Apache Tomcat 8.0.0-RC10

2013-12-26 00:00:00

nessus

Apache Tomcat 6.0.x < 6.0.39 Multiple Vulnerabilities

2014-02-25 00:00:00

Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)

2015-01-19 00:00:00

Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)

2014-09-29 00:00:00

ibm

Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)

2018-06-15 07:01:06

Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

2018-06-18 00:08:13

Security Bulletin: Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)

2018-06-15 22:31:20

openvas

Fedora Update for tomcat FEDORA-2014-11048

2014-10-01 00:00:00

Mageia: Security Advisory (MGASA-2014-0148)

2022-01-28 00:00:00

Mageia: Security Advisory (MGASA-2014-0149)

2022-01-28 00:00:00

osv

tomcat6 - security update

2014-11-23 00:00:00

tomcat6 - regression update

2014-11-23 00:00:00

Apache Tomcat is vulnerable to HTTP request-smuggling

2022-05-14 01:10:36

debian

[SECURITY] [DLA 91-1] tomcat6 security update

2014-11-23 09:02:25

[SECURITY] [DSA 2897-1] tomcat7 security update

2014-04-08 18:25:14

fedora

[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20

2014-09-26 09:02:42

redhat

(RHSA-2014:0528) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-05-21 15:32:03

(RHSA-2014:0525) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update

2014-05-21 15:09:00

(RHSA-2014:0526) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

2014-05-21 15:09:06

mageia

Updated tomcat package fixes security vulnerabilities

2014-04-03 04:16:05

Updated tomcat package fixes security vulnerabilities

2014-04-03 04:16:05

Updated tomcat6 packages fix multiple vulnerabilities and logging

2014-02-17 22:13:24

securityvulns

Apache Tomcat multiple security vulnerabilities

2014-03-31 00:00:00

[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)

2014-02-28 00:00:00

[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)

2014-02-28 00:00:00

ubuntu

Tomcat vulnerabilities

2014-03-06 00:00:00

centos

tomcat6 security update

2014-04-23 19:07:14

seebug

Apache Tomcat 安全限制绕过漏洞

2014-02-26 00:00:00

Apache Tomcat不完整修复信息泄漏漏洞

2014-02-27 00:00:00

Apache Tomcat 不完整修复拒绝服务漏洞

2014-02-27 00:00:00

amazon

Medium: tomcat6

2014-05-21 10:45:00

debiancve

CVE-2013-4286

2014-02-26 14:55:00

CVE-2013-4322

2014-02-26 14:55:00

CVE-2013-4590

2014-02-26 14:55:00

cve

CVE-2013-4286

2014-02-26 14:55:00

CVE-2013-4322

2014-02-26 14:55:00

CVE-2005-2090

2005-07-05 04:00:00

ubuntucve

CVE-2013-4286

2014-02-26 00:00:00

CVE-2013-4322

2014-02-26 00:00:00

CVE-2013-4590

2014-02-26 00:00:00

github

Apache Tomcat is vulnerable to HTTP request-smuggling

2022-05-14 01:10:36

Apache Tomcat Denial of Service vulnerability

2022-05-14 01:10:35

Tomcat Vulnerable to Web Cache Poisoning

2022-05-01 02:04:54

veracode

Request-smuggling Attacks

2019-01-15 08:59:20

HTTP Request Smuggling

2018-11-13 06:55:19

XML External Entity (XXE)

2019-01-15 08:58:51

prion

Design/Logic Flaw

2014-02-26 14:55:00

Design/Logic Flaw

2014-02-26 14:55:00

Xxe

2014-02-26 14:55:00

oraclelinux

tomcat6 security update

2014-04-23 00:00:00

tomcat security update

2014-07-20 00:00:00

cert

Single crafted HTTP request may result in multiple responses

2005-02-04 00:00:00

K16828 : Apache Tomcat vulnerability CVE-2005-2090

2015-07-02 00:00:00

SOL16828 - Apache Tomcat vulnerability CVE-2005-2090

2015-07-02 00:00:00

atlassian

CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2

2014-05-24 04:42:42

CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2

2014-05-24 04:42:42

checkpoint_advisories

Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)

2014-03-05 00:00:00

Apache Tomcat Chunked Transfer Denial of Service - Ver 2 (CVE-2012-3544)

2013-11-10 00:00:00

vmware

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

threatpost

Oracle Releases 40 Critical Java Patches in June Update

2013-06-19 10:40:35

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for 8141.PASL