Search...

Debian DSA-3428-1 : tomcat8 - security update

2015-12-21T00:00:00

ID DEBIAN_DSA-3428.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-05-02T00:00:00

Description

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3428. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87511);
  script_version("2.7");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2014-7810");
  script_xref(name:"DSA", value:"3428");

  script_name(english:"Debian DSA-3428-1 : tomcat8 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that malicious web applications could use the
Expression Language to bypass protections of a Security Manager as
expressions were evaluated within a privileged code section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/tomcat8"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3428"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the tomcat8 packages.

For the stable distribution (jessie), this problem has been fixed in
version 8.0.14-1+deb8u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libservlet3.1-java", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libservlet3.1-java-doc", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libtomcat8-java", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8-admin", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8-common", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8-docs", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8-examples", reference:"8.0.14-1+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"tomcat8-user", reference:"8.0.14-1+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-3428.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-3428-1 : tomcat8 - security update", "description": "It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.", "published": "2015-12-21T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/87511", "reporter": "This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/tomcat8", "https://www.debian.org/security/2015/dsa-3428"], "cvelist": ["CVE-2014-7810"], "type": "nessus", "lastseen": "2020-05-03T02:01:28", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat8"], "cvelist": ["CVE-2014-7810"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss3": {}, "description": "It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.", "edition": 15, "enchantments": {"dependencies": {"modified": "2020-04-01T06:59:41", "references": [{"idList": ["F5:K38110373", "SOL38110373"], "type": "f5"}, {"idList": ["ALAS-2016-658", "ALAS-2016-657", "ALAS-2016-656"], "type": "amazon"}, {"idList": ["25E0593D-13C0-11E5-9AFB-3C970E169BC2"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3428-1:EC79D", "DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3530-1:6A530"], "type": "debian"}, {"idList": ["ELSA-2017-2247", "ELSA-2016-0492", "ELSA-2016-2599", "ELSA-2016-2046"], "type": "oraclelinux"}, {"idList": ["CVE-2014-7810"], "type": "cve"}, {"idList": ["CESA-2016:2046", "CESA-2016:0492"], "type": "centos"}, {"idList": ["ORACLE:CPUJUL2018-4258247"], "type": "oracle"}, {"idList": ["USN-2655-1", "USN-2654-1"], "type": "ubuntu"}, {"idList": ["RHSA-2015:1622", "RHSA-2016:2046", "RHSA-2016:0492", "RHSA-2016:22545"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310120647", "OPENVAS:1361412562310805701", "OPENVAS:703428", "OPENVAS:1361412562310122909", "OPENVAS:1361412562310120648", "OPENVAS:1361412562310120646", "OPENVAS:1361412562310871581", "OPENVAS:1361412562310882434", "OPENVAS:1361412562310703428", "OPENVAS:1361412562310805702"], "type": "openvas"}, {"idList": ["TOMCAT_7_0_59.NASL", "ORACLELINUX_ELSA-2016-0492.NASL", "ALA_ALAS-2016-657.NASL", "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "ALA_ALAS-2016-656.NASL", "TOMCAT_8_0_17.NASL", "REDHAT-RHSA-2015-1622.NASL", "CENTOS_RHSA-2016-0492.NASL", "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "REDHAT-RHSA-2016-0492.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:14462", "SECURITYVULNS:DOC:32123"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2020-04-01T06:59:41", "rev": 2, "value": 5.9, "vector": "NONE"}}, "hash": "ea70d79097c134e207b06946889d0a0e10abf9bb11393e74ee47242af6dbecfc", "hashmap": [{"hash": "1a3e991f1270d1299d7f25f2519bac72", "key": "pluginID"}, {"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "4a3e3323784614458fe3dc74d29db3e5", "key": "href"}, {"hash": "0c55f6f2d91bfca6a2d650fcae122dc4", "key": "reporter"}, {"hash": "daf42bf61d859c088405e086f799d4ce", "key": "sourceData"}, {"hash": "e4319f8044a9a9b140fe234980033da9", "key": "references"}, {"hash": "85d97e1adf3c67c62823ca04b4f9293a", "key": "description"}, {"hash": "042bae3a06ddca216b6ffa156921831d", "key": "title"}, {"hash": "0c26cbe1df6ba78f5a148d30d2c8b039", "key": "cpe"}, {"hash": "622d8025e3b28396cdac8d7bca94bbf2", "key": "cvelist"}, {"hash": "9cbb53f4166931607d769bd0f59fdae8", "key": "published"}, {"hash": "0658bb008399a687b703257886c78457", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/87511", "id": "DEBIAN_DSA-3428.NASL", "lastseen": "2020-04-01T06:59:41", "modified": "2020-04-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "87511", "published": "2015-12-21T00:00:00", "references": ["https://packages.debian.org/source/jessie/tomcat8", "https://www.debian.org/security/2015/dsa-3428"], "reporter": "This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3428-1 : tomcat8 - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 15, "lastseen": "2020-04-01T06:59:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat8"], "cvelist": ["CVE-2014-7810"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d19bdd638398e70d35dad3b5784062ae75f3da82b92fa2c0571a8850a47e47b1", "hashmap": [{"hash": "1a3e991f1270d1299d7f25f2519bac72", "key": "pluginID"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "badb37b6ea56e6f6ed47b3e692c1fed8", "key": "references"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "042bae3a06ddca216b6ffa156921831d", "key": "title"}, {"hash": "0c26cbe1df6ba78f5a148d30d2c8b039", "key": "cpe"}, {"hash": "13b226fb85121a44cc26e24e64c73de6", "key": "description"}, {"hash": "622d8025e3b28396cdac8d7bca94bbf2", "key": "cvelist"}, {"hash": "9cbb53f4166931607d769bd0f59fdae8", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94ba03e8da0c711307ffa20fda4c0654", "key": "href"}, {"hash": "38809461a6f1e423a6dc82f07df54411", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87511", "id": "DEBIAN_DSA-3428.NASL", "lastseen": "2018-09-02T00:09:09", "modified": "2018-07-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "87511", "published": "2015-12-21T00:00:00", "references": ["https://packages.debian.org/source/jessie/tomcat8", "http://www.debian.org/security/2015/dsa-3428"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3428-1 : tomcat8 - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-02T00:09:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-7810"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.", "edition": 1, "enchantments": {}, "hash": "0bf33a1200cce3cad72fa90380cc545cacdfd4899aeeb5ecba7dfe73a096b727", "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "1a3e991f1270d1299d7f25f2519bac72", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "badb37b6ea56e6f6ed47b3e692c1fed8", "key": "references"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "042bae3a06ddca216b6ffa156921831d", "key": "title"}, {"hash": "172b6217f06be9ebf1a4e81944a65518", "key": "sourceData"}, {"hash": "13b226fb85121a44cc26e24e64c73de6", "key": "description"}, {"hash": "622d8025e3b28396cdac8d7bca94bbf2", "key": "cvelist"}, {"hash": "9cbb53f4166931607d769bd0f59fdae8", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "94ba03e8da0c711307ffa20fda4c0654", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87511", "id": "DEBIAN_DSA-3428.NASL", "lastseen": "2016-09-26T17:26:36", "modified": "2016-04-28T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "87511", "published": "2015-12-21T00:00:00", "references": ["https://packages.debian.org/source/jessie/tomcat8", "http://www.debian.org/security/2015/dsa-3428"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"$Revision: 2.5 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:33:24 $\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_osvdb_id(122158);\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3428-1 : tomcat8 - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat8"], "cvelist": ["CVE-2014-7810"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss3": {}, "description": "It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.", "edition": 13, "enchantments": {"dependencies": {"modified": "2020-02-01T06:52:59", "references": [{"idList": ["F5:K38110373", "SOL38110373"], "type": "f5"}, {"idList": ["ALAS-2016-658", "ALAS-2016-657", "ALAS-2016-656"], "type": "amazon"}, {"idList": ["25E0593D-13C0-11E5-9AFB-3C970E169BC2"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3428-1:EC79D", "DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3530-1:6A530"], "type": "debian"}, {"idList": ["ELSA-2017-2247", "ELSA-2016-0492", "ELSA-2016-2599", "ELSA-2016-2046"], "type": "oraclelinux"}, {"idList": ["CVE-2014-7810"], "type": "cve"}, {"idList": ["CESA-2016:2046", "CESA-2016:0492"], "type": "centos"}, {"idList": ["OPENVAS:1361412562310120647", "OPENVAS:1361412562310805701", "OPENVAS:703428", "OPENVAS:1361412562310122909", "OPENVAS:1361412562310120646", "OPENVAS:1361412562310871581", "OPENVAS:1361412562310882434", "OPENVAS:1361412562310842262", "OPENVAS:1361412562310703428", "OPENVAS:1361412562310805702"], "type": "openvas"}, {"idList": ["ORACLE:CPUJUL2018-4258247"], "type": "oracle"}, {"idList": ["USN-2655-1", "USN-2654-1"], "type": "ubuntu"}, {"idList": ["TOMCAT_7_0_59.NASL", "ALA_ALAS-2016-658.NASL", "ORACLELINUX_ELSA-2016-0492.NASL", "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "ALA_ALAS-2016-656.NASL", "TOMCAT_8_0_17.NASL", "REDHAT-RHSA-2015-1622.NASL", "CENTOS_RHSA-2016-0492.NASL", "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "REDHAT-RHSA-2016-0492.NASL"], "type": "nessus"}, {"idList": ["RHSA-2015:1622", "RHSA-2016:2046", "RHSA-2016:0492", "RHSA-2016:22545"], "type": "redhat"}, {"idList": ["SECURITYVULNS:VULN:14462", "SECURITYVULNS:DOC:32123"], "type": "securityvulns"}]}, "score": {"modified": "2020-02-01T06:52:59", "value": 5.9, "vector": "NONE"}}, "hash": "84c9c461193f262d2082b1744d9984d647f90ad6fd8cae6149e7b6d144df6ccd", "hashmap": [{"hash": "1a3e991f1270d1299d7f25f2519bac72", "key": "pluginID"}, {"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "4a3e3323784614458fe3dc74d29db3e5", "key": "href"}, {"hash": "0c55f6f2d91bfca6a2d650fcae122dc4", "key": "reporter"}, {"hash": "daf42bf61d859c088405e086f799d4ce", "key": "sourceData"}, {"hash": "e4319f8044a9a9b140fe234980033da9", "key": "references"}, {"hash": "85d97e1adf3c67c62823ca04b4f9293a", "key": "description"}, {"hash": "042bae3a06ddca216b6ffa156921831d", "key": "title"}, {"hash": "0c26cbe1df6ba78f5a148d30d2c8b039", "key": "cpe"}, {"hash": "622d8025e3b28396cdac8d7bca94bbf2", "key": "cvelist"}, {"hash": "9cbb53f4166931607d769bd0f59fdae8", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "248ddfee5cc8aa2c1a4fce14baf1e1b1", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/87511", "id": "DEBIAN_DSA-3428.NASL", "lastseen": "2020-02-01T06:52:59", "modified": "2020-02-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "87511", "published": "2015-12-21T00:00:00", "references": ["https://packages.debian.org/source/jessie/tomcat8", "https://www.debian.org/security/2015/dsa-3428"], "reporter": "This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3428-1 : tomcat8 - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 13, "lastseen": "2020-02-01T06:52:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat8"], "cvelist": ["CVE-2014-7810"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "description": "It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-10-28T20:06:07", "references": [{"idList": ["F5:K38110373", "SOL38110373"], "type": "f5"}, {"idList": ["ALAS-2016-658", "ALAS-2016-657", "ALAS-2016-656"], "type": "amazon"}, {"idList": ["25E0593D-13C0-11E5-9AFB-3C970E169BC2"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3428-1:EC79D", "DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3530-1:6A530"], "type": "debian"}, {"idList": ["ELSA-2017-2247", "ELSA-2016-0492", "ELSA-2016-2599", "ELSA-2016-2046"], "type": "oraclelinux"}, {"idList": ["CVE-2014-7810"], "type": "cve"}, {"idList": ["TOMCAT_7_0_59.NASL", "UBUNTU_USN-2655-1.NASL", "ORACLELINUX_ELSA-2016-0492.NASL", "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "ALA_ALAS-2016-656.NASL", "TOMCAT_8_0_17.NASL", "REDHAT-RHSA-2015-1622.NASL", "CENTOS_RHSA-2016-0492.NASL", "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "REDHAT-RHSA-2016-0492.NASL"], "type": "nessus"}, {"idList": ["CESA-2016:2046", "CESA-2016:0492"], "type": "centos"}, {"idList": ["ORACLE:CPUJUL2018-4258247"], "type": "oracle"}, {"idList": ["USN-2655-1", "USN-2654-1"], "type": "ubuntu"}, {"idList": ["RHSA-2015:1622", "RHSA-2016:2046", "RHSA-2016:0492", "RHSA-2016:22545"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310120647", "OPENVAS:1361412562310805701", "OPENVAS:703428", "OPENVAS:1361412562310122909", "OPENVAS:1361412562310120648", "OPENVAS:1361412562310120646", "OPENVAS:1361412562310871581", "OPENVAS:1361412562310882434", "OPENVAS:1361412562310703428", "OPENVAS:1361412562310805702"], "type": "openvas"}, {"idList": ["SECURITYVULNS:VULN:14462", "SECURITYVULNS:DOC:32123"], "type": "securityvulns"}]}, "score": {"modified": "2019-10-28T20:06:07", "value": 5.9, "vector": "NONE"}}, "hash": "4d10ccc724ab604d81d7cda2ca35391a6e9c7d85325ec83e99568cbb03f2495e", "hashmap": [{"hash": "1a3e991f1270d1299d7f25f2519bac72", "key": "pluginID"}, {"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "4a3e3323784614458fe3dc74d29db3e5", "key": "href"}, {"hash": "0c55f6f2d91bfca6a2d650fcae122dc4", "key": "reporter"}, {"hash": "daf42bf61d859c088405e086f799d4ce", "key": "sourceData"}, {"hash": "e4319f8044a9a9b140fe234980033da9", "key": "references"}, {"hash": "85d97e1adf3c67c62823ca04b4f9293a", "key": "description"}, {"hash": "042bae3a06ddca216b6ffa156921831d", "key": "title"}, {"hash": "0c26cbe1df6ba78f5a148d30d2c8b039", "key": "cpe"}, {"hash": "622d8025e3b28396cdac8d7bca94bbf2", "key": "cvelist"}, {"hash": "9cbb53f4166931607d769bd0f59fdae8", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/87511", "id": "DEBIAN_DSA-3428.NASL", "lastseen": "2019-10-28T20:06:07", "modified": "2019-10-02T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "87511", "published": "2015-12-21T00:00:00", "references": ["https://packages.debian.org/source/jessie/tomcat8", "https://www.debian.org/security/2015/dsa-3428"], "reporter": "This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3428-1 : tomcat8 - security update", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-10-28T20:06:07"}], "edition": 16, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "0c26cbe1df6ba78f5a148d30d2c8b039"}, {"key": "cvelist", "hash": "622d8025e3b28396cdac8d7bca94bbf2"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "85d97e1adf3c67c62823ca04b4f9293a"}, {"key": "href", "hash": "4a3e3323784614458fe3dc74d29db3e5"}, {"key": "modified", "hash": "e4757e4aab0a377bb88b128421c866e9"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "1a3e991f1270d1299d7f25f2519bac72"}, {"key": "published", "hash": "9cbb53f4166931607d769bd0f59fdae8"}, {"key": "references", "hash": "e4319f8044a9a9b140fe234980033da9"}, {"key": "reporter", "hash": "0c55f6f2d91bfca6a2d650fcae122dc4"}, {"key": "sourceData", "hash": "daf42bf61d859c088405e086f799d4ce"}, {"key": "title", "hash": "042bae3a06ddca216b6ffa156921831d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1c9689a0012600b4b73ba9d74ee50b3c9eee0377e0ad7328f01888bdf54c0e23", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-7810"]}, {"type": "f5", "idList": ["SOL38110373", "F5:K38110373"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32123", "SECURITYVULNS:VULN:14462"]}, {"type": "redhat", "idList": ["RHSA-2016:0492", "RHSA-2016:22545", "RHSA-2015:1622", "RHSA-2016:2046"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2247", "ELSA-2016-0492", "ELSA-2016-2046", "ELSA-2016-2599"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-0492.NASL", "REDHAT-RHSA-2016-0492.NASL", "ALA_ALAS-2016-657.NASL", "TOMCAT_8_0_17.NASL", "ORACLELINUX_ELSA-2016-0492.NASL", "REDHAT-RHSA-2015-1622.NASL", "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "ALA_ALAS-2016-656.NASL", "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "TOMCAT_7_0_59.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805702", "OPENVAS:1361412562310882434", "OPENVAS:1361412562310805701", "OPENVAS:1361412562310120648", "OPENVAS:1361412562310871581", "OPENVAS:1361412562310120646", "OPENVAS:703428", "OPENVAS:1361412562310120647", "OPENVAS:1361412562310703428", "OPENVAS:1361412562310122909"]}, {"type": "debian", "idList": ["DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3428-1:EC79D", "DEBIAN:DSA-3530-1:6A530", "DEBIAN:DSA-3447-1:CE269"]}, {"type": "centos", "idList": ["CESA-2016:2046", "CESA-2016:0492"]}, {"type": "amazon", "idList": ["ALAS-2016-656", "ALAS-2016-658", "ALAS-2016-657"]}, {"type": "freebsd", "idList": ["25E0593D-13C0-11E5-9AFB-3C970E169BC2"]}, {"type": "ubuntu", "idList": ["USN-2654-1", "USN-2655-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2018-4258247"]}], "modified": "2020-05-03T02:01:28", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-05-03T02:01:28", "rev": 2}, "vulnersScore": 5.9}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3428. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87511);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3428\");\n\n script_name(english:\"Debian DSA-3428-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3428\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "87511", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat8"], "scheme": null}

{"cve": [{"lastseen": "2020-02-14T14:30:38", "bulletinFamily": "NVD", "description": "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.", "modified": "2019-04-15T16:30:00", "id": "CVE-2014-7810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7810", "published": "2015-06-07T23:59:00", "title": "CVE-2014-7810", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "f5": [{"lastseen": "2017-06-08T00:16:06", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 466436 (ARX), and INSTALLER-2786 (Traffix) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.1| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.0 \n11.6.0 - 11.6.1| Not vulnerable \n\n| None \nARX| 6.2.0 - 6.4.0| None| Low| Apache Tomcat / WebUI \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.1| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0| 5.0.0| Low| WebUI\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-10-23T20:28:00", "published": "2016-10-23T20:28:00", "id": "F5:K38110373", "href": "https://support.f5.com/csp/article/K38110373", "title": "Apache Tomcat vulnerability CVE-2014-7810", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-10-23T21:23:55", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigation\n\nTo mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network and limit shell access to only trusted users.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-10-23T00:00:00", "published": "2016-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/38/sol38110373.html", "id": "SOL38110373", "type": "f5", "title": "SOL38110373 - Apache Tomcat vulnerability CVE-2014-7810", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nCVE-2014-7810 Security Manager Bypass\r\n\r\nSeverity: Moderate\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Apache Tomcat 8.0.0-RC1 to 8.0.15\r\n- - Apache Tomcat 7.0.0 to 7.0.57\r\n- - Apache Tomcat 6.0.0 to 6.0.43\r\n\r\nDescription:\r\nMalicious web applications could use expression language to bypass the\r\nprotections of a Security Manager as expressions were evaluated within\r\na privileged code section.\r\nThis issue only affects installations that run web applications from\r\nuntrusted sources.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Upgrade to Apache Tomcat 8.0.17 or later\r\n (8.0.16 has the fix but was not released)\r\n- - Upgrade to Apache Tomcat 7.0.59 or later\r\n (7.0.58 has the fix but was not released)\r\n- - Upgrade to Apache Tomcat 6.0.44 or later\r\n\r\n\r\nCredit:\r\nThis issue was discovered by the Apache Tomcat security team.\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security-8.html\r\n[2] http://tomcat.apache.org/security-7.html\r\n[3] http://tomcat.apache.org/security-6.html\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2\r\n\r\niQIcBAEBCAAGBQJVVKsbAAoJEBDAHFovYFnnTkYQAMos6+1kaJ+d+h0oGeiG7CDV\r\nPxcQ/AS0LdqXZuC92dXYNv+eQTB+pD0N9ePIyIMwsyEzeS2KGyOw5R8Klsro6lcq\r\neYKH8Tv7egIzKO9dRCqhyWTytl73KPf0h6z4nnVHr/rTJ2/7pJX6x+7fjey5jcO+\r\nG7kCQErj6bnNzgeMM/mLLVlM7YYrbA5hbQgplCdgRO5NpxaL+3raaJ19/gFZKjP3\r\nMqgwg/6uopkgxTFRh8Fprj6tdoPBXZ6Vxy3qJmcuOCt0yktaypqFPLTH+JM6pnme\r\n6/Mdk4u6PhKyGPPlmvrub0priFl32tEyJNBkghHJd2QkYkZrM6t3wcOsgUawPJxZ\r\nhJrq+nJ7CJ3FUzcj9o05M4Q/TJ7seOurhPXF8YMIPn7ibrSb1Eq2Y0yZe/NGij/k\r\ndOZX5m3I62HeS1zjCIcIhKx9i6ZFTvfoe8/bF6/LPgAqfy2AB8+HBrRGVfqUh/QB\r\nw3AdDX7BxDWJKVgz9YknJG9keuR0tLV+MOI0M0LS9LHj9wAiunmq/+x03ZUX+coc\r\nbtTrKnSuZq5sjmX5Xj7rilrSlq1GftGMnQyxOHiIzjCR9b59yS/BX/OkprrFXIAM\r\nNd42B7vxWubKuOhXlyMlDt4QpnM3RsAFaD3irNc3LAQ3kpdtvsinExr3VaCvIcJ1\r\nIETAzUe85oPF2HojrJDu\r\n=2DTj\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-05-17T00:00:00", "published": "2015-05-17T00:00:00", "id": "SECURITYVULNS:DOC:32123", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32123", "title": "[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "description": "Resources exhaustion, restrictions bypass.", "modified": "2015-05-17T00:00:00", "published": "2015-05-17T00:00:00", "id": "SECURITYVULNS:VULN:14462", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14462", "title": "Apache Tomcat security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-08-22T02:28:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3428-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 18, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat8\nCVE ID : CVE-2014-7810\n\nIt was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\n \nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.0.21-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0.21-2.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-12-18T21:14:12", "published": "2015-12-18T21:14:12", "id": "DEBIAN:DSA-3428-1:EC79D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00335.html", "title": "[SECURITY] [DSA 3428-1] tomcat8 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:22:21", "bulletinFamily": "unix", "description": "Package : tomcat6\nVersion : 6.0.41-2+squeeze7\nCVE ID : CVE-2014-0227 CVE-2014-0230 CVE-2014-7810\nDebian Bug : 787010 785312 785316\n\nThe following vulnerabilities were found in Apache Tomcat 6:\n\nCVE-2014-0227\n\n The Tomcat security team identified that it was possible to conduct HTTP\n request smuggling attacks or cause a DoS by streaming malformed data.\n\nCVE-2014-0230\n\n AntBean@secdig, from the Baidu Security Team, disclosed that it was\n possible to cause a limited DoS attack by feeding data by aborting an\n upload.\n\nCVE-2014-7810\n\n The Tomcat security team identified that malicious web applications could\n bypass the Security Manager by the use of expression language.\n\nFor Debian 6 "Squeeze", these issues have been fixed in tomcat6 version\n6.0.41-2+squeeze7.\n", "modified": "2015-05-28T19:26:14", "published": "2015-05-28T19:26:14", "id": "DEBIAN:DLA-232-1:8CB78", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00016.html", "title": "[SECURITY] [DLA 232-1] tomcat6 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:22:55", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3447-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 17, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2014-7810\n\nIt was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 7.0.28-4+deb7u3. This update also provides fixes for\nCVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and\nCVE-2014-0230, which were all fixed for the stable distribution (jessie)\nalready.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 7.0.61-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.0.61-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-01-17T15:47:29", "published": "2016-01-17T15:47:29", "id": "DEBIAN:DSA-3447-1:CE269", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00017.html", "title": "[SECURITY] [DSA 3447-1] tomcat7 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3530-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nCVE ID : CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 \n CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119\n CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 CVE-2015-5174\n CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706\n CVE-2016-0714 CVE-2016-0763\n\nMultiple security vulnerabilities have been fixed in the Tomcat servlet\nand JSP engine, which may result on bypass of security manager\nrestrictions, information disclosure, denial of service or session\nfixation.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-03-25T18:48:21", "published": "2016-03-25T18:48:21", "id": "DEBIAN:DSA-3530-1:6A530", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00104.html", "title": "[SECURITY] [DSA 3530-1] tomcat6 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:27:23", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0492\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nThis update also fixes the following bug:\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 \nservlet resulted in a large memory leak. An upstream patch has been applied\nto fix this bug, and the memory leak no longer occurs. (BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033804.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0492.html", "modified": "2016-03-23T13:09:57", "published": "2016-03-23T13:09:57", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033804.html", "id": "CESA-2016:0492", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:28:59", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:2046\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/034159.html\n\n**Affected packages:**\ntomcat\ntomcat-admin-webapps\ntomcat-docs-webapp\ntomcat-el-2.2-api\ntomcat-javadoc\ntomcat-jsp-2.2-api\ntomcat-jsvc\ntomcat-lib\ntomcat-servlet-3.0-api\ntomcat-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2046.html", "modified": "2016-10-11T18:36:52", "published": "2016-10-11T18:36:52", "href": "http://lists.centos.org/pipermail/centos-announce/2016-October/034159.html", "id": "CESA-2016:2046", "title": "tomcat security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "scanner", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2015-06-16T00:00:00", "id": "OPENVAS:1361412562310805702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805702", "title": "Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_securitymanager_sec_bypass_vuln_june15_win.nasl 2015-06-16 15:04:10 +0530 Jun$\n#\n# Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805702\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2014-7810\");\n script_bugtraq_id(74665);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 15:04:10 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the Expression Language\n does not properly consider the possibility of an accessible interface\n implemented by an inaccessible class.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain authentication and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.44,\n 7.x before 7.0.58, and 8.x before 8.0.16 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.44 or 7.0.58 or\n 8.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(appPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:appPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0\", test_version2:\"6.0.43\"))\n {\n fix = \"6.0.44\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0\", test_version2:\"7.0.57\"))\n {\n fix = \"7.0.58\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^8\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"8.0\", test_version2:\"8.0.15\"))\n {\n fix = \"8.0.16\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:55:51", "bulletinFamily": "scanner", "description": "Check the version of tomcat6", "modified": "2020-03-13T00:00:00", "published": "2016-03-24T00:00:00", "id": "OPENVAS:1361412562310882434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882434", "title": "CentOS Update for tomcat6 CESA-2016:0492 centos6", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882434\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-24 06:15:02 +0100 (Thu, 24 Mar 2016)\");\n script_cve_id(\"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2016:0492 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nThis update also fixes the following bug:\n\n * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been applied\nto fix this bug, and the memory leak no longer occurs. (BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0492\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021766.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~94.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:59", "bulletinFamily": "scanner", "description": "It was discovered that malicious web\napplications could use the Expression Language to bypass protections of a Security\nManager as expressions were evaluated within a privileged code section.", "modified": "2019-03-18T00:00:00", "published": "2015-12-18T00:00:00", "id": "OPENVAS:1361412562310703428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703428", "title": "Debian Security Advisory DSA 3428-1 (tomcat8 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3428.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3428-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703428\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-7810\");\n script_name(\"Debian Security Advisory DSA 3428-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-18 00:00:00 +0100 (Fri, 18 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3428.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 8.0.14-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.0.21-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0.21-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that malicious web\napplications could use the Expression Language to bypass protections of a Security\nManager as expressions were evaluated within a privileged code section.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.21-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:57:23", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0492", "modified": "2020-03-13T00:00:00", "published": "2016-03-23T00:00:00", "id": "OPENVAS:1361412562310122909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122909", "title": "Oracle Linux Local Check: ELSA-2016-0492", "type": "openvas", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122909\");\n script_version(\"2020-03-13T10:37:51+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-23 07:08:56 +0200 (Wed, 23 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:37:51 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0492\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0492 - tomcat6 security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0492\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0492.html\");\n script_cve_id(\"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~94.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:56:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2016-03-23T00:00:00", "id": "OPENVAS:1361412562310871581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871581", "title": "RedHat Update for tomcat6 RHSA-2016:0492-01", "type": "openvas", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871581\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-23 06:16:59 +0100 (Wed, 23 Mar 2016)\");\n script_cve_id(\"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2016:0492-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nThis update also fixes the following bug:\n\n * Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been applied\nto fix this bug, and the memory leak no longer occurs. (BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0492-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00057.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-debuginfo\", rpm:\"tomcat6-debuginfo~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~94.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "scanner", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2015-06-16T00:00:00", "id": "OPENVAS:1361412562310805701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805701", "title": "Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_securitymanager_sec_bypass_vuln_june15_lin.nasl 2015-06-16 15:04:10 +0530 Jun$\n#\n# Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Linux)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805701\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2014-7810\");\n script_bugtraq_id(74665);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-06-16 15:04:10 +0530 (Tue, 16 Jun 2015)\");\n script_name(\"Apache Tomcat SecurityManager Security Bypass Vulnerability - Jun15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the Expression Language\n does not properly consider the possibility of an accessible interface\n implemented by an inaccessible class.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain authentication and obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 6.x before 6.0.44,\n 7.x before 7.0.58, and 8.x before 8.0.16 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.44 or 7.0.58 or\n 8.0.16 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2015/04/10/1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(appPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:appPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0\", test_version2:\"6.0.43\"))\n {\n fix = \"6.0.44\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^7\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"7.0\", test_version2:\"7.0.57\"))\n {\n fix = \"7.0.58\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^8\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"8.0\", test_version2:\"8.0.15\"))\n {\n fix = \"8.0.16\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:53:34", "bulletinFamily": "scanner", "description": "It was discovered that malicious web\napplications could use the Expression Language to bypass protections of a Security\nManager as expressions were evaluated within a privileged code section.", "modified": "2017-07-07T00:00:00", "published": "2015-12-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703428", "id": "OPENVAS:703428", "title": "Debian Security Advisory DSA 3428-1 (tomcat8 - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3428.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3428-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703428);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-7810\");\n script_name(\"Debian Security Advisory DSA 3428-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-18 00:00:00 +0100 (Fri, 18 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3428.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 8.0.14-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.0.21-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.0.21-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that malicious web\napplications could use the Expression Language to bypass protections of a Security\nManager as expressions were evaluated within a privileged code section.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.21-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-17T22:57:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310120646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120646", "title": "Amazon Linux: Security Advisory (ALAS-2016-656)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120646\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 07:09:10 +0200 (Fri, 11 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-656)\");\n script_tag(name:\"insight\", value:\"It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810 )It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made. (CVE-2014-0230 )\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat6 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-656.html\");\n script_cve_id(\"CVE-2014-7810\", \"CVE-2014-0230\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.44~1.3.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:55:09", "bulletinFamily": "scanner", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310120648", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120648", "title": "Amazon Linux: Security Advisory (ALAS-2016-658)", "type": "openvas", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120648\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 07:09:12 +0200 (Fri, 11 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-658)\");\n script_tag(name:\"insight\", value:\"A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174 )The Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (CVE-2015-5345 )It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810 )\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat8 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-658.html\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8\", rpm:\"tomcat8~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-log4j\", rpm:\"tomcat8-log4j~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-lib\", rpm:\"tomcat8-lib~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-admin-webapps\", rpm:\"tomcat8-admin-webapps~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-javadoc\", rpm:\"tomcat8-javadoc~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-servlet-3.1-api\", rpm:\"tomcat8-servlet-3.1-api~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-el-3.0-api\", rpm:\"tomcat8-el-3.0-api~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-docs-webapp\", rpm:\"tomcat8-docs-webapp~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-jsp-2.3-api\", rpm:\"tomcat8-jsp-2.3-api~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-webapps\", rpm:\"tomcat8-webapps~8.0.30~1.57.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-26T00:00:00", "id": "OPENVAS:1361412562310842262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842262", "title": "Ubuntu Update for tomcat6 USN-2655-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat6 USN-2655-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842262\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:25:12 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2014-0227\", \"CVE-2014-0230\", \"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat6 USN-2655-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat incorrectly\nhandled data with malformed chunked transfer coding. A remote attacker could\npossibly use this issue to conduct HTTP request smuggling attacks, or cause\nTomcat to consume resources, resulting in a denial of service. (CVE-2014-0227)\n\nIt was discovered that Tomcat incorrectly handled HTTP responses occurring\nbefore the entire request body was finished being read. A remote attacker\ncould possibly use this issue to cause memory consumption, resulting in a\ndenial of service. (CVE-2014-0230)\n\nIt was discovered that the Tomcat Expression Language (EL) implementation\nincorrectly handled accessible interfaces implemented by inaccessible\nclasses. An attacker could possibly use this issue to bypass a\nSecurityManager protection mechanism. (CVE-2014-7810)\");\n script_tag(name:\"affected\", value:\"tomcat6 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2655-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2655-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-03-18T02:47:24", "bulletinFamily": "scanner", "description": "It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n - Previously, using a New I/O (NIO) connector in the\n Apache Tomcat 6 servlet resulted in a large memory leak.\n An upstream patch has been applied to fix this bug, and\n the memory leak no longer occurs.\n\nTomcat must be restarted for this update to take effect.", "modified": "2016-03-24T00:00:00", "id": "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90146", "published": "2016-03-24T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64 (20160323)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90146);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/25\");\n\n script_cve_id(\"CVE-2014-7810\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64 (20160323)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n - Previously, using a New I/O (NIO) connector in the\n Apache Tomcat 6 servlet resulted in a large memory leak.\n An upstream patch has been applied to fix this bug, and\n the memory leak no longer occurs.\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=13333\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f15523e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-debuginfo-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-18T03:17:31", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 8.0.x prior to 8.0.17. It is,\ntherefore, affected by a security bypass vulnerability due to a flaw\nthat occurs when handling expression language. A remote attacker can\nexploit this, via a crafted web application, to bypass the security\nmanager protection and execute arbitrary code.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application", "modified": "2015-05-21T00:00:00", "id": "TOMCAT_8_0_17.NASL", "href": "https://www.tenable.com/plugins/nessus/83765", "published": "2015-05-21T00:00:00", "title": "Apache Tomcat 8.0.x < 8.0.17 Security Manager Bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83765);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_bugtraq_id(74665);\n\n script_name(english:\"Apache Tomcat 8.0.x < 8.0.17 Security Manager Bypass\");\n script_summary(english:\"Checks the Apache Tomcat Version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 8.0.x prior to 8.0.17. It is,\ntherefore, affected by a security bypass vulnerability due to a flaw\nthat occurs when handling expression language. A remote attacker can\nexploit this, via a crafted web application, to bypass the security\nmanager protection and execute arbitrary code.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.\");\n # http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.16_(markt)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20b9636e\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2015/May/94\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.0.17 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7810\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"8.0.16\", min:\"8.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^8(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-01T02:08:53", "bulletinFamily": "scanner", "description": "Updated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "modified": "2020-05-02T00:00:00", "id": "REDHAT-RHSA-2016-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/90115", "published": "2016-03-23T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2016:0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0492. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90115);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"RHSA\", value:\"2016:0492\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2016:0492)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc7e8cfb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7810\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0492\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-debuginfo-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-debuginfo-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-debuginfo-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-18T03:17:30", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 7.0.x prior to 7.0.59. It is,\ntherefore, affected by a security bypass vulnerability due to a flaw\nthat occurs when handling expression language. A remote attacker can\nexploit this, via a crafted web application, to bypass the security\nmanager protection and execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application", "modified": "2015-05-21T00:00:00", "id": "TOMCAT_7_0_59.NASL", "href": "https://www.tenable.com/plugins/nessus/83764", "published": "2015-05-21T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.59 Security Manager Bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83764);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_bugtraq_id(74665);\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.59 Security Manager Bypass\");\n script_summary(english:\"Checks the Apache Tomcat Version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a security bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 7.0.x prior to 7.0.59. It is,\ntherefore, affected by a security bypass vulnerability due to a flaw\nthat occurs when handling expression language. A remote attacker can\nexploit this, via a crafted web application, to bypass the security\nmanager protection and execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.58_(violetagg)\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?edd653ec\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2015/May/94\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.59 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7810\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.58\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-01T01:58:58", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:0492 :\n\nUpdated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "modified": "2020-05-02T00:00:00", "id": "ORACLELINUX_ELSA-2016-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/90111", "published": "2016-03-23T00:00:00", "title": "Oracle Linux 6 : tomcat6 (ELSA-2016-0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0492 and \n# Oracle Linux Security Advisory ELSA-2016-0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90111);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"RHSA\", value:\"2016:0492\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2016-0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0492 :\n\nUpdated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-March/005893.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-03T01:52:16", "bulletinFamily": "scanner", "description": "Updated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "modified": "2020-05-02T00:00:00", "id": "CENTOS_RHSA-2016-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/90121", "published": "2016-03-24T00:00:00", "title": "CentOS 6 : tomcat6 (CESA-2016:0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0492 and \n# CentOS Errata and Security Advisory 2016:0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90121);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"RHSA\", value:\"2016:0492\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2016:0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix one security issue and one bug are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nThis update also fixes the following bug :\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6\nservlet resulted in a large memory leak. An upstream patch has been\napplied to fix this bug, and the memory leak no longer occurs.\n(BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-March/021766.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f10d8721\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7810\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-94.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-94.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-01T00:17:56", "bulletinFamily": "scanner", "description": "Apache Software Foundation reports :\n\nLow: Denial of Service CVE-2014-0230\n\nWhen a response for a request with a request body is returned to the\nuser agent before the request body is fully read, by default Tomcat\nswallows the remaining request body so that the next request on the\nconnection may be processed. There was no limit to the size of request\nbody that Tomcat would swallow. This permitted a limited Denial of\nService as Tomcat would never close the connection and a processing\nthread would remain allocated to the connection.\n\nModerate: Security Manager bypass CVE-2014-7810\n\nMalicious web applications could use expression language to bypass the\nprotections of a Security Manager as expressions were evaluated within\na privileged code section.", "modified": "2020-05-02T00:00:00", "id": "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/nessus/84201", "published": "2015-06-16T00:00:00", "title": "FreeBSD : tomcat -- multiple vulnerabilities (25e0593d-13c0-11e5-9afb-3c970e169bc2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84201);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2014-7810\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (25e0593d-13c0-11e5-9afb-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Software Foundation reports :\n\nLow: Denial of Service CVE-2014-0230\n\nWhen a response for a request with a request body is returned to the\nuser agent before the request body is fully read, by default Tomcat\nswallows the remaining request body so that the next request on the\nconnection may be processed. There was no limit to the size of request\nbody that Tomcat would swallow. This permitted a limited Denial of\nService as Tomcat would never close the connection and a processing\nthread would remain allocated to the connection.\n\nModerate: Security Manager bypass CVE-2014-7810\n\nMalicious web applications could use expression language to bypass the\nprotections of a Security Manager as expressions were evaluated within\na privileged code section.\"\n );\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc7e8cfb\"\n );\n # https://vuxml.freebsd.org/freebsd/25e0593d-13c0-11e5-9afb-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a2c54fd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:hadoop2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:oozie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.44\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.55\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"hadoop2<=2.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"oozie<=4.1.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-03T01:49:59", "bulletinFamily": "scanner", "description": "It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand preventing further, legitimate connections to the Tomcat server to\nbe made. (CVE-2014-0230)", "modified": "2020-05-02T00:00:00", "id": "ALA_ALAS-2016-656.NASL", "href": "https://www.tenable.com/plugins/nessus/89837", "published": "2016-03-11T00:00:00", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-656)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-656.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89837);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2014-7810\");\n script_xref(name:\"ALAS\", value:\"2016-656\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand preventing further, legitimate connections to the Tomcat server to\nbe made. (CVE-2014-0230)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-656.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.44-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.44-1.3.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-01T02:08:48", "bulletinFamily": "scanner", "description": "Updated tomcat6 and tomcat7 packages that fix two security issues are\nnow available for Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise\nLinux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand preventing further, legitimate connections to the Tomcat server to\nbe made. (CVE-2014-0230)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red\nHat Customer Portal are advised to apply this update. The Red Hat\nJBoss Web Server process must be restarted for the update to take\neffect.", "modified": "2020-05-02T00:00:00", "id": "REDHAT-RHSA-2015-1622.NASL", "href": "https://www.tenable.com/plugins/nessus/85441", "published": "2015-08-17T00:00:00", "title": "RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2015:1622)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1622. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85441);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2014-0230\", \"CVE-2014-7810\");\n script_xref(name:\"RHSA\", value:\"2015:1622\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : JBoss Web Server (RHSA-2015:1622)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 and tomcat7 packages that fix two security issues are\nnow available for Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise\nLinux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections\nand preventing further, legitimate connections to the Tomcat server to\nbe made. (CVE-2014-0230)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red\nHat Customer Portal are advised to apply this update. The Red Hat\nJBoss Web Server process must be restarted for the update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7810\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-maven-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1622\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL6\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL7\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-2.1-api-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-maven-devel-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.41-15_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-admin-webapps-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-docs-webapp-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-el-2.2-api-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-javadoc-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-jsp-2.2-api-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-lib-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-log4j-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-maven-devel-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-servlet-3.0-api-7.0.54-19_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-webapps-7.0.54-19_patch_04.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-maven-devel-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.41-15_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-maven-devel-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.54-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.54-19_patch_04.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-admin-webapps-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-docs-webapp-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-el-2.1-api-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-javadoc-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-jsp-2.1-api-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-lib-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-log4j-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-maven-devel-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-servlet-2.5-api-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-webapps-6.0.41-15_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-maven-devel-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.54-20_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.54-20_patch_04.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-03T01:49:59", "bulletinFamily": "scanner", "description": "A directory traversal vulnerability in RequestUtil.java was discovered\nwhich allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component processes redirects before considering security\nconstraints and Filters, which allows remote attackers to determine\nthe existence of a directory via a URL that lacks a trailing / (slash)\ncharacter. (CVE-2015-5345)\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)", "modified": "2020-05-02T00:00:00", "id": "ALA_ALAS-2016-658.NASL", "href": "https://www.tenable.com/plugins/nessus/89839", "published": "2016-03-11T00:00:00", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-658)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-658.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89839);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5174\", \"CVE-2015-5345\");\n script_xref(name:\"ALAS\", value:\"2016-658\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-658)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A directory traversal vulnerability in RequestUtil.java was discovered\nwhich allows remote authenticated users to bypass intended\nSecurityManager restrictions and list a parent directory via a /..\n(slash dot dot) in a pathname used by a web application in a\ngetResource, getResourceAsStream, or getResourcePaths call.\n(CVE-2015-5174)\n\nThe Mapper component processes redirects before considering security\nconstraints and Filters, which allows remote attackers to determine\nthe existence of a directory via a URL that lacks a trailing / (slash)\ncharacter. (CVE-2015-5345)\n\nIt was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-658.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.30-1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.30-1.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:47:06", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nThis update also fixes the following bug:\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 \nservlet resulted in a large memory leak. An upstream patch has been applied\nto fix this bug, and the memory leak no longer occurs. (BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "modified": "2018-06-06T20:24:23", "published": "2016-03-22T04:00:00", "id": "RHSA-2016:0492", "href": "https://access.redhat.com/errata/RHSA-2016:0492", "type": "redhat", "title": "(RHSA-2016:0492) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2016-03-17T18:30:27", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nThis update also fixes the following bug:\n\n* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 \nservlet resulted in a large memory leak. An upstream patch has been applied\nto fix this bug, and the memory leak no longer occurs. (BZ#1301646)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "modified": "2016-03-17T22:07:18", "published": "2016-01-25T05:00:00", "id": "RHSA-2016:22545", "href": "https://access.redhat.com/errata/RHSA-2016:22545", "type": "redhat", "title": "(RHSA-2016:22545) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\nIt was found that Tomcat would keep connections open after processing\nrequests with a large enough request body. A remote attacker could\npotentially use this flaw to exhaust the pool of available connections and\npreventing further, legitimate connections to the Tomcat server to be made.\n(CVE-2014-0230)\n\nAll users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2015-08-13T19:24:28", "id": "RHSA-2015:1622", "href": "https://access.redhat.com/errata/RHSA-2015:1622", "type": "redhat", "title": "(RHSA-2015:1622) Moderate: Red Hat JBoss Web Server 2.1.0 tomcat security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.", "modified": "2018-04-12T03:32:47", "published": "2016-10-10T22:29:51", "id": "RHSA-2016:2046", "href": "https://access.redhat.com/errata/RHSA-2016:2046", "type": "redhat", "title": "(RHSA-2016:2046) Important: tomcat security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "unix", "description": "[0:6.0.24-94]\n- Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions\n[0:6.0.24-93]\n- Resolves: rhbz#1301646 Resolving NIO connector memory leak", "modified": "2016-03-22T00:00:00", "published": "2016-03-22T00:00:00", "id": "ELSA-2016-0492", "href": "http://linux.oracle.com/errata/ELSA-2016-0492.html", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:54", "bulletinFamily": "unix", "description": "[0:7.0.54-8]\n- Resolves: rhbz#1368121\n[0:7.0.54-7]\n- Resolves: rhbz#1362212 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n- Resolves: rhbz#1368121\n[0:7.0.54-5]\n- Resolves: rhbz#1362567\n[0:7.0.54-4]\n- Resolves: CVE-2015-5346\n[0:7.0.54-3]\n- Resolves: CVE-2014-7810", "modified": "2016-10-10T00:00:00", "published": "2016-10-10T00:00:00", "id": "ELSA-2016-2046", "href": "http://linux.oracle.com/errata/ELSA-2016-2046.html", "title": "tomcat security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "unix", "description": "[0:7.0.69-10]\n- Related: rhbz#1368122\n[0:7.0.69-9]\n- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n- Resolves: rhbz#1368122\n[0:7.0.69-7]\n- Resolves: rhbz#1362545\n[0:7.0.69-6]\n- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service\n[0:7.0.69-5]\n- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully\n[0:7.0.69-4]\n- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n[0:7.0.69-3]\n- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)\n[0:7.0.69-2]\n- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat\n- Rebase Resolves: rhbz#1320853 Add HSTS support\n- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions\n- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation\n- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure\n- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue\n- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak\n[0:7.0.69-1]\n- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69\n- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out\n- Resolves: rhbz#1277197 tomcat user has non-existing default shell set\n- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7\n- Resolves: rhbz#1229476 Tomcat startup ONLY options\n- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar\n- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit\n- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion\n- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file", "modified": "2016-11-09T00:00:00", "published": "2016-11-09T00:00:00", "id": "ELSA-2016-2599", "href": "http://linux.oracle.com/errata/ELSA-2016-2599.html", "title": "tomcat security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "unix", "description": "[0:7.0.76-2]\n- Resolves: rhbz#1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism\n- Resolves: rhbz#1441481 CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used\n[0:7.0.76-1]\n- Resolves: rhbz#1414895 Rebase tomcat to the current release\n[0:7.0.69-10]\n- Related: rhbz#1368122\n[0:7.0.69-9]\n- Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n- Resolves: rhbz#1368122\n[0:7.0.69-7]\n- Resolves: rhbz#1362545\n[0:7.0.69-6]\n- Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service\n[0:7.0.69-5]\n- Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully\n[0:7.0.69-4]\n- Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n[0:7.0.69-3]\n- Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled)\n[0:7.0.69-2]\n- Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat\n- Rebase Resolves: rhbz#1320853 Add HSTS support\n- Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions\n- Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet\n- Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation\n- Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure\n- Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue\n- Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext()\n- Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms\n- Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak\n[0:7.0.69-1]\n- Resolves: rhbz#1287928 Rebase to tomcat 7.0.69\n- Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out\n- Resolves: rhbz#1277197 tomcat user has non-existing default shell set\n- Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7\n- Resolves: rhbz#1229476 Tomcat startup ONLY options\n- Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar\n- Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit\n- Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion\n- Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file\n[0:7.0.54-2]\n- Resolves: CVE-2014-0227\n[0:7.0.54-1]\n- Resolves: rhbz#1141372 - Remove systemv artifacts. Add new systemd\n- artifacts. Rebase on 7.0.54.\n[0:7.0.43-6]\n- Resolves: CVE-2014-0099\n- Resolves: CVE-2014-0096\n- Resolves: CVE-2014-0075\n[0:7.0.42-5]\n- Related: CVE-2013-4286\n- Related: CVE-2013-4322\n- Related: CVE-2014-0050\n- revisit patches for above.\n[0:7.0.42-4]\n- Related: rhbz#1056696 correct packaging for sbin tomcat\n[0:7.0.42-3]\n- Related: CVE-2013-4286. increment build number. missed doing\n- it.\n- Resolves: rhbz#1038183 remove BR for ant-nodeps. it's\n- no long used.\n[0:7.0.42-2]\n- Resolves: rhbz#1056673 Invocation of useradd with shell\n- other than sbin nologin\n- Resolves: rhbz#1056677 preun systemv scriptlet unconditionally\n- stops service\n- Resolves: rhbz#1056696 init.d tomcat does not conform to RHEL7\n- systemd rules. systemv subpackage is removed.\n- Resolves: CVE-2013-4286\n- Resolves: CVE-2013-4322\n- Resolves: CVE-2014-0050\n- Built for rhel-7 RC\n[0:7.0.42-1]\n- Resolves: rhbz#1051657 update to 7.0.42. Ant-nodeps is\n- deprecated.\n[07.0.40-3]\n- Mass rebuild 2013-12-27\n[0:7.0.40-1]\n- Updated to 7.0.40\n- Resolves: rhbz 956569 added missing commons-pool link\n[0:7.0.37-2]\n- Add depmaps for org.eclipse.jetty.orbit\n- Resolves: rhbz#917626\n[0:7.0.39-1]\n- Updated to 7.0.39\n[0:7.0.37-1]\n- Updated to 7.0.37\n[0:7.0.35-1]\n- Updated to 7.0.35\n- systemd SuccessExitStatus=143 for proper stop exit code processing\n[0:7.0.34-1]\n- Updated to 7.0.34\n- ecj >= 4.2.1 now required\n- Resolves: rhbz 889395 concat classpath correctly; chdir to \n[0:7.0.33-2]\n- Resolves: rhbz 883806 refix logdir ownership\n[0:7.0.33-1]\n- Updated to 7.0.33\n- Resolves: rhbz 873620 need chkconfig for update-alternatives\n[0:7.0.32-1]\n- Updated to 7.0.32\n- Resolves: rhbz 842620 symlinks to taglibs\n[0:7.0.29-1]\n- Updated to 7.0.29\n- Add pidfile as tmpfile\n- Use systemd for running as unprivileged user\n- Resolves: rhbz 847751 upgrade path was broken\n- Resolves: rhbz 850343 use new systemd-rpm macros\n[0:7.0.28-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[0:7.0.28-1]\n- Updated to 7.0.28\n- Resolves: rhbz 820119 Remove bundled apache-commons-dbcp\n- Resolves: rhbz 814900 Added tomcat-coyote POM\n- Resolves: rhbz 810775 Remove systemv stuff from %post scriptlet\n- Remove redhat-lsb R\n[0:7.0.27-2]\n- Fixed native download hack\n[0:7.0.27-1]\n- Updated to 7.0.27\n- Fixed jakarta-taglibs-standard BR and R\n[0:7.0.26-2]\n- Add more depmaps to J2EE apis to help jetty/glassfish updates\n[0:7.0.26-2]\n- Added the POM files for tomcat-api and tomcat-util (#803495)\n[0:7.0.26-1]\n- Updated to 7.0.26\n- Bug 790334: Change ownership of logdir for logrotate\n[0:7.0.25-4]\n- Bug 790694: Priorities of jsp, servlet and el packages updated.\n[0:7.0.25-3]\n- Dropped indirect dependecy to tomcat 5\n[0:7.0.25-2]\n- Added hack for maven depmap of tomcat-juli absolute link [ -f ] pass correctly\n[0:7.0.25-1]\n- Updated to 7.0.25\n- Removed EntityResolver patch (changes already in upstream sources)\n- Place poms and depmaps in the same package as jars\n- Added javax.servlet.descriptor to export-package of servlet-api\n- Move several chkconfig actions and reqs to systemv subpackage\n- New maven depmaps generation method\n- Add patch to support java7. (patch sent upstream).\n- Require java >= 1:1.6.0\n[0:7.0.23-5]\n- Exported javax.servlet.* packages in version 3.0 as 2.6 to make\n servlet-api compatible with Eclipse.\n[0:7.0.23-4]\n- Move jsvc support to subpackage\n[0:7.0.23-2]\n- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).\n[0:7.0.23-3]\n- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for\n starting tomcat with jsvc, which allows tomcat to perform some\n privileged operations (e.g. bind to a port < 1024) and then switch\n identity to a non-privileged user. Must add USE_JSVC='true' to\n /etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.\n[0:7.0.23-1]\n- Updated to 7.0.23\n[0:7.0.22-2]\n- Move tomcat-juli.jar to lib package\n- Drop %update_maven_depmap as in tomcat6\n- Provide native systemd unit file ported from tomcat6\n[0:7.0.22-1]\n- Updated to 7.0.22\n[0:7.0.21-3.1]\n- rebuild (java), rel-eng#4932\n[0:7.0.21-3]\n- Fix basedir mode\n[0:7.0.21-2]\n- Add manifests for el-api, jasper-el, jasper, tomcat, and tomcat-juli.\n[0:7.0.21-1]\n- Updated to 7.0.21\n[0:7.0.20-3]\n- Require java = 1:1.6.0\n[0:7.0.20-2]\n- Require java < 1.7.0\n[0:7.0.20-1]\n- Updated to 7.0.20\n[0:7.0.19-1]\n- Updated to 7.0.19\n[0:7.0.16-1]\n- Updated to 7.0.16\n[0:7.0.14-3]\n- Added initial systemd service\n- Fix some paths\n[0:7.0.14-2]\n- Fixed http source link\n- Securify some permissions\n- Added licenses for el-api and servlet-api\n- Added dependency on jpackage-utils for the javadoc subpackage\n[0:7.0.14-1]\n- Updated to 7.0.14\n[0:7.0.12-4]\n- Provided local paths for libs\n- Fixed dependencies\n- Fixed update temp/work cleanup\n[0:7.0.12-3]\n- Fixed package groups\n- Fixed some permissions\n- Fixed some links\n- Removed old tomcat6 crap\n[0:7.0.12-2]\n- Package now named just tomcat instead of tomcat7\n- Removed Provides: tomcat-log4j\n- Switched to apache-commons-* names instead of jakarta-commons-* .\n- Remove the old changelog\n- BR/R java >= 1:1.6.0 , same for java-devel\n- Removed old tomcat6 crap\n[0:7.0.12-1]\n- Tomcat7", "modified": "2017-08-07T00:00:00", "published": "2017-08-07T00:00:00", "id": "ELSA-2017-2247", "href": "http://linux.oracle.com/errata/ELSA-2017-2247.html", "title": "tomcat security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2019-05-29T17:22:32", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. ([CVE-2014-7810 __](<https://access.redhat.com/security/cve/CVE-2014-7810>))\n\nIt was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made. ([CVE-2014-0230 __](<https://access.redhat.com/security/cve/CVE-2014-0230>))\n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat6-el-2.1-api-6.0.44-1.3.amzn1.noarch \n tomcat6-6.0.44-1.3.amzn1.noarch \n tomcat6-lib-6.0.44-1.3.amzn1.noarch \n tomcat6-servlet-2.5-api-6.0.44-1.3.amzn1.noarch \n tomcat6-admin-webapps-6.0.44-1.3.amzn1.noarch \n tomcat6-javadoc-6.0.44-1.3.amzn1.noarch \n tomcat6-jsp-2.1-api-6.0.44-1.3.amzn1.noarch \n tomcat6-webapps-6.0.44-1.3.amzn1.noarch \n tomcat6-docs-webapp-6.0.44-1.3.amzn1.noarch \n \n src: \n tomcat6-6.0.44-1.3.amzn1.src \n \n \n", "modified": "2016-03-10T16:30:00", "published": "2016-03-10T16:30:00", "id": "ALAS-2016-656", "href": "https://alas.aws.amazon.com/ALAS-2016-656.html", "title": "Medium: tomcat6", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:22:52", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. ([CVE-2015-5174 __](<https://access.redhat.com/security/cve/CVE-2015-5174>))\n\nThe Mapper component processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. ([CVE-2015-5345 __](<https://access.redhat.com/security/cve/CVE-2015-5345>))\n\nIt was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. ([CVE-2014-7810 __](<https://access.redhat.com/security/cve/CVE-2014-7810>))\n\n \n**Affected Packages:** \n\n\ntomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat8-8.0.30-1.57.amzn1.noarch \n tomcat8-log4j-8.0.30-1.57.amzn1.noarch \n tomcat8-lib-8.0.30-1.57.amzn1.noarch \n tomcat8-admin-webapps-8.0.30-1.57.amzn1.noarch \n tomcat8-javadoc-8.0.30-1.57.amzn1.noarch \n tomcat8-servlet-3.1-api-8.0.30-1.57.amzn1.noarch \n tomcat8-el-3.0-api-8.0.30-1.57.amzn1.noarch \n tomcat8-docs-webapp-8.0.30-1.57.amzn1.noarch \n tomcat8-jsp-2.3-api-8.0.30-1.57.amzn1.noarch \n tomcat8-webapps-8.0.30-1.57.amzn1.noarch \n \n src: \n tomcat8-8.0.30-1.57.amzn1.src \n \n \n", "modified": "2016-03-10T16:30:00", "published": "2016-03-10T16:30:00", "id": "ALAS-2016-658", "href": "https://alas.aws.amazon.com/ALAS-2016-658.html", "title": "Medium: tomcat8", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T19:20:31", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. ([CVE-2015-5174 __](<https://access.redhat.com/security/cve/CVE-2015-5174>))\n\nA session fixation vulnerability was discovered that might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request when different session settings are used for deployments of multiple versions of the same web application. ([CVE-2015-5346 __](<https://access.redhat.com/security/cve/CVE-2015-5346>))\n\nIt was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. ([CVE-2014-7810 __](<https://access.redhat.com/security/cve/CVE-2014-7810>))\n\n \n**Affected Packages:** \n\n\ntomcat7\n\n \n**Issue Correction:** \nRun _yum update tomcat7_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat7-el-2.2-api-7.0.67-1.13.amzn1.noarch \n tomcat7-log4j-7.0.67-1.13.amzn1.noarch \n tomcat7-7.0.67-1.13.amzn1.noarch \n tomcat7-docs-webapp-7.0.67-1.13.amzn1.noarch \n tomcat7-webapps-7.0.67-1.13.amzn1.noarch \n tomcat7-admin-webapps-7.0.67-1.13.amzn1.noarch \n tomcat7-lib-7.0.67-1.13.amzn1.noarch \n tomcat7-jsp-2.2-api-7.0.67-1.13.amzn1.noarch \n tomcat7-servlet-3.0-api-7.0.67-1.13.amzn1.noarch \n tomcat7-javadoc-7.0.67-1.13.amzn1.noarch \n \n src: \n tomcat7-7.0.67-1.13.amzn1.src \n \n \n", "modified": "2016-03-10T16:30:00", "published": "2016-03-10T16:30:00", "id": "ALAS-2016-657", "href": "https://alas.aws.amazon.com/ALAS-2016-657.html", "title": "Medium: tomcat7", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:13", "bulletinFamily": "unix", "description": "\nApache Software Foundation reports:\n\nLow: Denial of Service CVE-2014-0230\nWhen a response for a request with a request body is\n\t returned to the user agent before the request body is\n\t fully read, by default Tomcat swallows the remaining\n\t request body so that the next request on the connection\n\t may be processed. There was no limit to the size of\n\t request body that Tomcat would swallow. This permitted\n\t a limited Denial of Service as Tomcat would never close\n\t the connection and a processing thread would remain\n\t allocated to the connection.\nModerate: Security Manager bypass CVE-2014-7810\nMalicious web applications could use expression\n\t language to bypass the protections of a Security\n\t Manager as expressions were evaluated within a\n\t privileged code section.\n\n", "modified": "2017-03-18T00:00:00", "published": "2015-05-12T00:00:00", "id": "25E0593D-13C0-11E5-9AFB-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/25e0593d-13c0-11e5-9afb-3c970e169bc2.html", "title": "tomcat -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:31", "bulletinFamily": "unix", "description": "It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227)\n\nIt was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause a limited denial of service. (CVE-2014-0230)\n\nIt was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810)", "modified": "2015-06-25T00:00:00", "published": "2015-06-25T00:00:00", "id": "USN-2655-1", "href": "https://usn.ubuntu.com/2655-1/", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:23:08", "bulletinFamily": "unix", "description": "It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0119)\n\nIt was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0227)\n\nIt was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause a limited denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0230)\n\nIt was discovered that the Tomcat Expression Language (EL) implementation incorrectly handled accessible interfaces implemented by inaccessible classes. An attacker could possibly use this issue to bypass a SecurityManager protection mechanism. (CVE-2014-7810)", "modified": "2015-06-25T00:00:00", "published": "2015-06-25T00:00:00", "id": "USN-2654-1", "href": "https://usn.ubuntu.com/2654-1/", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:50", "bulletinFamily": "software", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<http://www.oracle.com/securityalerts>) for information about Oracle Security Advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 334 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2420273.1>).\n\nMany industry experts anticipate that exploits leveraging known flaws in modern processor designs will continue to be disclosed for the foreseeable future (i.e., \"Spectre\" variants). For information related to these issues, please refer to:\n\n * the January 2018 Critical Patch Update (and later) Advisories,\n * the \"Addendum to the January 2018 Critical Patch Update Advisory for Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754)\" ([Doc ID 2347948.1](<https://support.oracle.com/rs?type=doc&id=2347948.1>)), and\n * \"Information about processor vulnerabilities CVE-2018-3640 (\"Spectre v3a\") and CVE-2018-3639 (\"Spectre v4\")\" ([Doc ID 2399123.1](<https://support.oracle.com/rs?type=doc&id=2399123.1>)).\n\n \n", "modified": "2018-10-12T00:00:00", "published": "2018-07-17T00:00:00", "id": "ORACLE:CPUJUL2018-4258247", "href": "", "title": "CPU July 2018", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}