Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASTOMCAT8_5-2023-007.NASL
HistorySep 27, 2023 - 12:00 a.m.

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)

2023-09-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory.

  • A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. (CVE-2021-30640)

  • Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;
    and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    (CVE-2021-33037)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASTOMCAT8.5-2023-007.
##

include('compat.inc');

if (description)
{
  script_id(181993);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/27");

  script_cve_id("CVE-2021-30640", "CVE-2021-33037");
  script_xref(name:"IAVA", value:"2021-A-0303-S");

  script_name(english:"Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-007)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tomcat installed on the remote host is prior to 8.5.69-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-007 advisory.

  - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of
    a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue
    affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. (CVE-2021-30640)

  - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP
    transfer-encoding request header in some circumstances leading to the possibility to request smuggling
    when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if
    the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding;
    and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    (CVE-2021-33037)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2023-007.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-30640.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-33037.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update tomcat' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30640");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-el-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-jsp-2.3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-servlet-3.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'tomcat-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-admin-webapps-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-docs-webapp-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-el-3.0-api-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-javadoc-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-jsp-2.3-api-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-jsvc-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-lib-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-servlet-3.1-api-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'},
    {'reference':'tomcat-webapps-8.5.69-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'tomcat8.5'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc");
}
VendorProductVersionCPE
amazonlinuxtomcatp-cpe:/a:amazon:linux:tomcat
amazonlinuxtomcat-admin-webappsp-cpe:/a:amazon:linux:tomcat-admin-webapps
amazonlinuxtomcat-docs-webappp-cpe:/a:amazon:linux:tomcat-docs-webapp
amazonlinuxtomcat-el-3.0-apip-cpe:/a:amazon:linux:tomcat-el-3.0-api
amazonlinuxtomcat-javadocp-cpe:/a:amazon:linux:tomcat-javadoc
amazonlinuxtomcat-jsp-2.3-apip-cpe:/a:amazon:linux:tomcat-jsp-2.3-api
amazonlinuxtomcat-jsvcp-cpe:/a:amazon:linux:tomcat-jsvc
amazonlinuxtomcat-libp-cpe:/a:amazon:linux:tomcat-lib
amazonlinuxtomcat-servlet-3.1-apip-cpe:/a:amazon:linux:tomcat-servlet-3.1-api
amazonlinuxtomcat-webappsp-cpe:/a:amazon:linux:tomcat-webapps
Rows per page:
1-10 of 111

Related

osv 8
debian 3
nessus 42
openvas 17
suse 2
mageia 1
cve 2
freebsd 2
redhatcve 2
ibm 13
f5 2
ubuntucve 2
tomcat 7
debiancve 2
veracode 2
kaspersky 2
amazon 2
github 2
seebug 1
prion 2
atlassian 4
photon 8
qualysblog 1
redhat 4
gentoo 1
ubuntu 1
rosalinux 1
oracle 4
osv
osv
tomcat9 - security update
2021-08-09 00:00:00
tomcat8 - security update
2021-08-05 00:00:00
CVE-2021-30640
2021-07-12 15:15:08
debian
debian
[SECURITY] [DLA 2733-1] tomcat8 security update
2021-08-05 21:40:35
[SECURITY] [DSA 4952-1] tomcat9 security update
2021-08-09 21:06:14
[SECURITY] [DSA 4984-1] tomcat9 security update
2021-10-14 20:33:21
nessus
nessus
Debian DSA-4952-1 : tomcat9 - security update
2021-08-10 00:00:00
Debian DLA-2733-1 : tomcat8 - LTS security update
2021-08-09 00:00:00
SUSE SLES15 Security Update : tomcat (SUSE-SU-2021:3670-1)
2021-11-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2733-1)
2021-08-06 00:00:00
Debian: Security Advisory (DSA-4952-1)
2021-08-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3669-1)
2021-11-17 00:00:00
suse
suse
Security update for tomcat (moderate)
2021-11-19 00:00:00
Security update for tomcat (moderate)
2021-11-16 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2021-10-23 13:05:28
cve
cve
CVE-2021-33037
2021-07-12 15:15:00
CVE-2021-30640
2021-07-12 15:15:00
freebsd
freebsd
tomcat -- HTTP request smuggling in multiple versions
2021-05-07 00:00:00
tomcat -- JNDI Realm Authentication Weakness in multiple versions
2021-04-08 00:00:00
redhatcve
redhatcve
CVE-2021-30640
2021-07-12 19:46:17
CVE-2021-33037
2021-07-12 18:56:38
ibm
ibm
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2021-30640)
2021-08-24 10:04:38
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-30640)
2022-07-07 16:39:00
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30640
2022-01-25 07:56:03
f5
f5
K35033051 : Tomcat vulnerability CVE-2021-30640
2021-07-28 00:00:00
K32469285 : Apache Tomcat vulnerability CVE-2021-33037
2021-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2021-30640
2021-07-12 00:00:00
CVE-2021-33037
2021-07-12 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.46
2021-05-12 00:00:00
Fixed in Apache Tomcat 8.5.66
2021-05-12 00:00:00
Fixed in Apache Tomcat 7.0.109
2021-04-26 00:00:00
debiancve
debiancve
CVE-2021-30640
2021-07-12 15:15:00
CVE-2021-33037
2021-07-12 15:15:00
veracode
veracode
Request Smuggling
2021-07-30 03:29:00
Access Restriction Bypass
2021-07-13 03:39:12
kaspersky
kaspersky
KLA12217 SB vulnerability in Apache Tomcat
2021-05-12 00:00:00
KLA12218 SB vulnerability in Apache Tomcat
2021-06-15 00:00:00
amazon
amazon
Low: tomcat7
2021-09-02 22:54:00
Medium: tomcat8
2021-09-02 22:54:00
github
github
Authentication Bypass by Alternate Name in Apache Tomcat
2021-08-13 15:21:24
HTTP Request Smuggling in Apache Tomcat
2021-08-13 15:21:14
seebug
seebug
Apache Tomcat HTTP请求走私(CVE-2021-33037)
2021-07-27 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-07-12 15:15:00
Design/Logic Flaw
2021-07-12 15:15:00
atlassian
atlassian
Request smuggling via a vulnerable version of Apache Tomcat - CVE-2021-33037
2022-01-06 02:02:04
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
2021-07-14 11:35:20
Tomcat versions bundled with the Crowd product are vulnerable to CVE-2021-33037
2022-03-10 04:57:07
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0420
2021-07-30 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0375
2021-07-30 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0277
2021-07-30 00:00:00
qualysblog
qualysblog
Apache Tomcat HTTP Request Smuggling Vulnerability (CVE-2021-33037)
2021-10-27 12:07:58
redhat
redhat
(RHSA-2021:4863) Important: Red Hat JBoss Web Server 5.6.0 Security release
2021-11-30 14:21:16
(RHSA-2021:4861) Important: Red Hat JBoss Web Server 5.6.0 Security release
2021-11-30 14:19:46
(RHSA-2022:1179) Important: Red Hat support for Spring Boot 2.5.10 update
2022-04-12 19:02:50
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2022-08-21 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2022-03-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
JSON
Related for AL2_ALASTOMCAT8_5-2023-007.NASL
osv8debian3nessus42openvas17suse2mageia1cve2freebsd2redhatcve2ibm13f52ubuntucve2tomcat7debiancve2veracode2kaspersky2amazon2github2seebug1prion2atlassian4photon8qualysblog1redhat4gentoo1ubuntu1rosalinux1oracle4