Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2023-1738.NASL
HistoryMay 04, 2023 - 12:00 a.m.

Amazon Linux AMI : tomcat7 (ALAS-2023-1738)

2023-05-0400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1738 advisory.

  • When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. (CVE-2017-12616)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1738.
##

include('compat.inc');

if (description)
{
  script_id(175088);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/15");

  script_cve_id("CVE-2017-12616", "CVE-2022-4132", "CVE-2023-24998");
  script_xref(name:"IAVA", value:"2023-A-0112-S");

  script_name(english:"Amazon Linux AMI : tomcat7 (ALAS-2023-1738)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS-2023-1738 advisory.

  - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security
    constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a
    specially crafted request. (CVE-2017-12616)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2023-1738.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2017-12616.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-4132.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-24998.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update tomcat7' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12616");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'tomcat7-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-admin-webapps-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-docs-webapp-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-el-2.2-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-javadoc-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-jsp-2.2-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-lib-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-log4j-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-servlet-3.0-api-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'tomcat7-webapps-7.0.109-1.42.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc");
}
VendorProductVersionCPE
amazonlinuxtomcat7p-cpe:/a:amazon:linux:tomcat7
amazonlinuxtomcat7-admin-webappsp-cpe:/a:amazon:linux:tomcat7-admin-webapps
amazonlinuxtomcat7-docs-webappp-cpe:/a:amazon:linux:tomcat7-docs-webapp
amazonlinuxtomcat7-el-2.2-apip-cpe:/a:amazon:linux:tomcat7-el-2.2-api
amazonlinuxtomcat7-javadocp-cpe:/a:amazon:linux:tomcat7-javadoc
amazonlinuxtomcat7-jsp-2.2-apip-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api
amazonlinuxtomcat7-libp-cpe:/a:amazon:linux:tomcat7-lib
amazonlinuxtomcat7-log4jp-cpe:/a:amazon:linux:tomcat7-log4j
amazonlinuxtomcat7-servlet-3.0-apip-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api
amazonlinuxtomcat7-webappsp-cpe:/a:amazon:linux:tomcat7-webapps
Rows per page:
1-10 of 111

Related

amazon 4
prion 4
debiancve 3
veracode 2
redhatcve 4
osv 10
archlinux 1
openvas 17
checkpoint_advisories 1
nessus 24
dsquare 1
cve 3
f5 2
github 3
debian 1
vaadin 1
tomcat 7
ibm 93
cgr 1
cisa 1
cnvd 2
kaspersky 3
ubuntucve 3
mageia 2
githubexploit 1
wolfi 1
myhack58 1
seebug 1
alpinelinux 1
atlassian 1
amazon
amazon
Important: tomcat7
2023-04-27 16:19:00
Important: tomcat
2023-04-27 18:36:00
Important: tomcat
2024-04-11 01:07:00
prion
prion
Design/Logic Flaw
2017-09-19 13:29:00
Default credentials
2023-02-20 16:15:00
Memory corruption
2023-10-04 12:15:00
debiancve
debiancve
CVE-2017-12616
2017-09-19 13:29:00
CVE-2023-24998
2023-02-20 16:15:10
CVE-2022-4132
2023-10-04 12:15:10
veracode
veracode
Information Disclosure
2017-09-20 02:23:33
Denial Of Service (DoS)
2023-02-24 11:02:57
redhatcve
redhatcve
CVE-2017-12616
2019-10-08 03:55:37
CVE-2023-24998
2023-02-21 21:59:14
CVE-2022-4132
2022-11-23 20:26:00
osv
osv
tomcat7 - security update
2017-09-24 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
CVE-2017-12616
2017-09-19 13:29:00
archlinux
archlinux
[ASA-201709-17] tomcat7: information disclosure
2017-09-19 00:00:00
openvas
openvas
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Windows
2017-09-25 00:00:00
Debian: Security Advisory (DLA-1108-1)
2018-02-06 00:00:00
Apache Tomcat 'VirtualDirContext' Information Disclosure Vulnerability - Linux
2017-09-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
2017-10-02 00:00:00
nessus
nessus
Debian DLA-1108-1 : tomcat7 security update
2017-09-25 00:00:00
Apache Tomcat 10.1.0.M1 < 10.1.5
2023-02-20 00:00:00
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2023-1612)
2023-04-12 00:00:00
dsquare
dsquare
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
2018-03-09 00:00:00
cve
cve
CVE-2017-12616
2017-09-19 13:29:00
CVE-2023-24998
2023-02-20 16:15:10
CVE-2022-4132
2023-10-04 12:15:10
f5
f5
K24335161 : Apache Tomcat vulnerability CVE-2017-12616
2017-09-28 00:00:00
K000133052 : Apache Commons FileUpload vulnerability CVE-2023-24998
2023-03-18 00:00:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
2023-10-27 21:55:44
Apache Commons FileUpload denial of service vulnerability
2023-02-20 18:30:17
debian
debian
[SECURITY] [DLA 1108-1] tomcat7 security update
2017-09-24 16:53:09
vaadin
vaadin
Apache Commons FileUpload - DoS with excessive parts
2023-06-22 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.1.5
2023-01-13 00:00:00
Fixed in Apache Tomcat 9.0.71
2023-01-13 00:00:00
Fixed in Apache Tomcat 8.5.85
2023-01-19 00:00:00
ibm
ibm
Security Bulletin: IBM® MobileFirst Platform is vulnerable to CVE-2023-24998
2023-05-22 19:32:30
Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)
2023-05-15 17:19:49
Security Bulletin: Denial of Service in Apache Commons used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2023-24998)
2023-05-10 14:42:12
cgr
cgr
CVE-2023-24998 vulnerabilities
2024-05-07 21:06:45
cisa
cisa
Apache Releases Security Updates for Apache Tomcat
2017-09-19 00:00:00
cnvd
cnvd
Apache Commons FileUpload Denial of Service Vulnerability (CNVD-2023-23552)
2023-02-22 00:00:00
Apache Tomcat has an unspecified vulnerability
2022-11-25 00:00:00
kaspersky
kaspersky
KLA40221 DoS vulnerability in Apache Tomcat
2023-01-13 00:00:00
KLA40220 DoS vulnerability in Apache Tomcat
2023-01-19 00:00:00
KLA11106 Multiple vulnerabilities in Apache Tomcat
2017-09-19 00:00:00
ubuntucve
ubuntucve
CVE-2023-24998
2023-02-20 00:00:00
CVE-2022-4132
2023-10-04 00:00:00
CVE-2017-12616
2017-09-19 00:00:00
mageia
mageia
Updated apache-commons-fileupload packages fix security vulnerability
2023-02-27 23:27:16
Updated tomcat packages fix security vulnerability
2017-09-21 16:43:32
githubexploit
githubexploit
Exploit for Allocation of Resources Without Limits or Throttling in Apache Commons Fileupload
2023-03-29 01:36:29
wolfi
wolfi
CVE-2023-24998 vulnerabilities
2024-05-07 21:06:45
myhack58
myhack58
Tomcat remote code execution vulnerability flaws bug research CVE-2017-12615 and patch Bypass-vulnerability warning-the black bar safety net
2017-09-20 00:00:00
seebug
seebug
Tomcat code execution vulnerability(CVE-2017-12615)
2017-09-20 00:00:00
alpinelinux
alpinelinux
CVE-2023-27901
2023-03-10 21:15:00
atlassian
atlassian
Third-Party Dependency Vulnerability in Confluence
2023-07-13 10:00:53
JSON
Related for ALA_ALAS-2023-1738.NASL
amazon4prion4debiancve3veracode2redhatcve4osv10archlinux1openvas17checkpoint_advisories1nessus24dsquare1cve3f52github3debian1vaadin1tomcat7ibm93cgr1cisa1cnvd2kaspersky3ubuntucve3mageia2githubexploit1wolfi1myhack581seebug1alpinelinux1atlassian1