Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2021-1472.NASL
HistoryJan 14, 2021 - 12:00 a.m.

Amazon Linux AMI : tomcat7 (ALAS-2021-1472)

2021-01-1400:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

The version of tomcat7 installed on the remote host is prior to 7.0.107-1.39. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1472 advisory.

  • In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. (CVE-2020-1935)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1472.
##

include('compat.inc');

if (description)
{
  script_id(145002);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2020-1935");
  script_xref(name:"ALAS", value:"2021-1472");

  script_name(english:"Amazon Linux AMI : tomcat7 (ALAS-2021-1472)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tomcat7 installed on the remote host is prior to 7.0.107-1.39. It is, therefore, affected by a
vulnerability as referenced in the ALAS-2021-1472 advisory.

  - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used
    an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led
    to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly
    handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered
    unlikely. (CVE-2020-1935)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2021-1472.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1935");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update tomcat7' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1935");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

pkgs = [
    {'reference':'tomcat7-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-admin-webapps-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-docs-webapp-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-el-2.2-api-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-javadoc-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-jsp-2.2-api-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-lib-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-log4j-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-servlet-3.0-api-7.0.107-1.39.amzn1', 'release':'ALA'},
    {'reference':'tomcat7-webapps-7.0.107-1.39.amzn1', 'release':'ALA'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc");
}
VendorProductVersionCPE
amazonlinuxtomcat7p-cpe:/a:amazon:linux:tomcat7
amazonlinuxtomcat7-admin-webappsp-cpe:/a:amazon:linux:tomcat7-admin-webapps
amazonlinuxtomcat7-docs-webappp-cpe:/a:amazon:linux:tomcat7-docs-webapp
amazonlinuxtomcat7-el-2.2-apip-cpe:/a:amazon:linux:tomcat7-el-2.2-api
amazonlinuxtomcat7-javadocp-cpe:/a:amazon:linux:tomcat7-javadoc
amazonlinuxtomcat7-jsp-2.2-apip-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api
amazonlinuxtomcat7-libp-cpe:/a:amazon:linux:tomcat7-lib
amazonlinuxtomcat7-log4jp-cpe:/a:amazon:linux:tomcat7-log4j
amazonlinuxtomcat7-servlet-3.0-apip-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api
amazonlinuxtomcat7-webappsp-cpe:/a:amazon:linux:tomcat7-webapps
Rows per page:
1-10 of 111

Related

nessus 31
osv 8
ubuntucve 1
github 1
amazon 5
redhatcve 1
openvas 15
cgr 1
redhat 10
veracode 1
prion 1
debiancve 1
centos 1
f5 1
oraclelinux 1
cve 1
ibm 10
photon 5
kaspersky 1
debian 4
tomcat 3
mageia 1
ubuntu 1
suse 1
thn 1
atlassian 5
symantec 1
hackerone 1
rocky 1
oracle 3
nessus
nessus
RHEL 7 : tomcat (RHSA-2020:5020)
2020-11-11 00:00:00
Amazon Linux 2 : tomcat (ALAS-2023-2216)
2023-08-23 00:00:00
Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2020-5020)
2020-12-18 00:00:00
osv
osv
BIT-tomcat-2020-1935
2024-03-06 11:11:33
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:48
CVE-2020-1935
2020-02-24 22:15:11
ubuntucve
ubuntucve
CVE-2020-1935
2020-02-24 00:00:00
github
github
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:48
amazon
amazon
Medium: tomcat
2023-08-17 11:58:00
Low: tomcat7
2020-12-16 20:51:00
Low: tomcat7
2021-01-12 22:52:00
redhatcve
redhatcve
CVE-2020-1935
2020-02-25 06:40:48
openvas
openvas
CentOS: Security Advisory for tomcat (CESA-2020:5020)
2020-11-19 00:00:00
Apache Tomcat Multiple Vulnerabilities (Feb 2020) - Windows
2020-02-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2611-1)
2021-04-19 00:00:00
cgr
cgr
CVE-2020-1935 vulnerabilities
2024-05-09 21:06:51
redhat
redhat
(RHSA-2020:5020) Low: tomcat security update
2020-11-10 09:40:58
(RHSA-2021:1030) Low: tomcat security update
2021-03-30 07:25:02
(RHSA-2021:0882) Low: tomcat security update
2021-03-16 13:08:14
veracode
veracode
HTTP Request Smuggling
2020-02-25 05:38:50
prion
prion
Design/Logic Flaw
2020-02-24 22:15:00
debiancve
debiancve
CVE-2020-1935
2020-02-24 22:15:00
centos
centos
tomcat security update
2020-11-18 17:27:18
f5
f5
K43709560 : Apache Tomcat vulnerability CVE-2020-1935
2020-03-06 00:00:00
oraclelinux
oraclelinux
tomcat security update
2020-11-12 00:00:00
cve
cve
CVE-2020-1935
2020-02-24 22:15:00
ibm
ibm
Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy
2020-11-05 19:49:28
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities.
2020-06-26 12:28:50
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1935, CVE-2019-17569)
2020-07-24 22:19:08
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0285
2020-03-20 00:00:00
Critical Photon OS Security Update - PHSA-2020-0285
2020-03-09 00:00:00
Critical Photon OS Security Update - PHSA-2020-0218
2020-03-09 00:00:00
kaspersky
kaspersky
KLA11679 Multiple vulnerabilities in Apache Tomcat
2020-02-24 00:00:00
debian
debian
[SECURITY] [DSA 4673-1] tomcat8 security update
2020-05-03 18:29:53
[SECURITY] [DLA 2133-1] tomcat7 security update
2020-03-04 18:15:06
[SECURITY] [DLA 2209-1] tomcat8 security update
2020-05-28 17:54:05
tomcat
tomcat
Fixed in Apache Tomcat 9.0.31
2020-02-11 00:00:00
Fixed in Apache Tomcat 8.5.51
2020-02-11 00:00:00
Fixed in Apache Tomcat 7.0.100
2020-02-14 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2020-03-10 22:04:50
ubuntu
ubuntu
Tomcat vulnerabilities
2020-08-04 00:00:00
suse
suse
Security update for tomcat (important)
2020-03-15 00:00:00
thn
thn
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
2020-02-28 13:00:00
atlassian
atlassian
Upgrade Tomcat to version 8.5.75 - CVE-2020-9484/CVE-2022-23181
2022-01-27 13:24:58
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
2020-01-15 15:29:54
Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418
2020-01-15 15:29:54
symantec
symantec
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
2020-05-12 19:02:01
hackerone
hackerone
U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE
2020-05-14 19:38:44
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
JSON
Related for ALA_ALAS-2021-1472.NASL
nessus31osv8ubuntucve1github1amazon5redhatcve1openvas15cgr1redhat10veracode1prion1debiancve1centos1f51oraclelinux1cve1ibm10photon5kaspersky1debian4tomcat3mageia1ubuntu1suse1thn1atlassian5symantec1hackerone1rocky1oracle3