ID F5_BIGIP_SOL15429.NASL Type nessus Reporter Tenable Modified 2014-10-20T00:00:00
Description
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a security fix.
#
# Disabled on 2014/10/20.
#
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL15429.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(78186);
script_version("$Revision: 1.2 $");
script_cvs_date("$Date: 2014/10/20 13:46:20 $");
script_cve_id("CVE-2014-0119");
script_bugtraq_id(67669);
script_name(english:"F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15429)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6
does not properly constrain the class loader that accesses the XML
parser used with an XSLT stylesheet, which allows remote attackers to
(1) read arbitrary files via a crafted web application that provides
an XML external entity declaration in conjunction with an entity
reference, related to an XML External Entity (XXE) issue, or (2) read
files associated with different web applications on a single Tomcat
instance via a crafted web application."
);
# http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15429.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?703212ca"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15429."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:protocol_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip:web_accelerator_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
# Deprecated.
exit(0, "The associated patch is not currently a security fix.");
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "SOL15429";
vmatrix = make_array();
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.5.1");
vmatrix["AFM"]["unaffected"] = make_list("11.6.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.5.1");
vmatrix["AVR"]["unaffected"] = make_list("11.6.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.0.0-11.5.1","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("11.6.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.0.0-11.5.1","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.6.0");
# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.5.1","10.0.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.6.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.5.1","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("11.6.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.5.1");
vmatrix["PEM"]["unaffected"] = make_list("11.6.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.5.1","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("11.6.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.4.0-11.5.1");
vmatrix["AM"]["unaffected"] = make_list("11.6.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
{"published": "2014-10-10T00:00:00", "id": "F5_BIGIP_SOL15429.NASL", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.", "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-10-29T13:33:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0119"]}, {"type": "f5", "idList": ["SOL15429"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30756", "SECURITYVULNS:VULN:13783", "SECURITYVULNS:VULN:14031"]}, {"type": "kaspersky", "idList": ["KLA10070"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-1038.NASL", "CENTOS_RHSA-2014-1038.NASL", "TOMCAT_8_0_8.NASL", "ORACLELINUX_ELSA-2014-1038.NASL", "SL_20140811_TOMCAT6_ON_SL6_X.NASL", "CENTOS_RHSA-2014-1034.NASL", "ORACLELINUX_ELSA-2014-1034.NASL", "REDHAT-RHSA-2014-1034.NASL", "TOMCAT_7_0_54.NASL", "ORACLE_EDQ_OCT_2014_CPU.NASL"]}, {"type": "centos", "idList": ["CESA-2014:1038", "CESA-2014:1034"]}, {"type": "redhat", "idList": ["RHSA-2015:0765", "RHSA-2014:0843", "RHSA-2014:1087", "RHSA-2015:0234", "RHSA-2014:1088", "RHSA-2015:0720", "RHSA-2014:1038", "RHSA-2014:1034", "RHSA-2014:0895", "RHSA-2014:0842"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882020", "OPENVAS:1361412562310881986", "OPENVAS:1361412562310842260", "OPENVAS:1361412562310703552", "OPENVAS:703552", "OPENVAS:1361412562310871223", "OPENVAS:1361412562310871225", "OPENVAS:1361412562310123334", "OPENVAS:1361412562310805019", "OPENVAS:1361412562310123338"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1034", "ELSA-2014-1038"]}, {"type": "threatpost", "idList": ["THREATPOST:2CC2BD1F67B44EC21DA3B6C9FFFE676C"]}, {"type": "ubuntu", "idList": ["USN-2654-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3530-1:6A530", "DEBIAN:DSA-3552-1:E23CF"]}, {"type": "symantec", "idList": ["SMNTC-1329"]}, {"type": "gentoo", "idList": ["GLSA-201412-29"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2014-1972956", "ORACLE:CPUOCT2016-2881722", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2014-1972960"]}], "modified": "2017-10-29T13:33:15", "rev": 2}, "vulnersScore": 6.0}, "type": "nessus", "pluginID": "78186", "lastseen": "2017-10-29T13:33:15", "edition": 2, "cpe": ["cpe:/a:f5:big-ip:application_security_manager", "cpe:/a:f5:big-ip:advanced_firewall_manager", "cpe:/a:f5:big-ip:link_controller", "cpe:/a:f5:big-ip:web_accelerator_manager", "cpe:/a:f5:big-ip:local_traffic_manager", "cpe:/a:f5:big-ip:access_policy_manager", "cpe:/a:f5:big-ip:protocol_security_manager", "cpe:/a:f5:big-ip:global_traffic_manager", "cpe:/a:f5:big-ip:application_visibility_and_reporting", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip:policy_enforcement_manager", "cpe:/a:f5:big-ip:wan_optimization_manager", "cpe:/a:f5:big-ip:acceleration_manager"], "title": "F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15429)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78186", "modified": "2014-10-20T00:00:00", "bulletinFamily": "scanner", "viewCount": 14, "cvelist": ["CVE-2014-0119"], "references": ["http://www.nessus.org/u?703212ca"], "naslFamily": "F5 Networks Local Security Checks", "reporter": "Tenable", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is not\n# currently a security fix.\n#\n# Disabled on 2014/10/20.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL15429.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78186);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/10/20 13:46:20 $\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_bugtraq_id(67669);\n\n script_name(english:\"F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15429)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6\ndoes not properly constrain the class loader that accesses the XML\nparser used with an XSLT stylesheet, which allows remote attackers to\n(1) read arbitrary files via a crafted web application that provides\nan XML external entity declaration in conjunction with an entity\nreference, related to an XML External Entity (XXE) issue, or (2) read\nfiles associated with different web applications on a single Tomcat\ninstance via a crafted web application.\"\n );\n # http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?703212ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL15429.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip:web_accelerator_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is not currently a security fix.\");\n\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL15429\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.6.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n"}
{"cve": [{"lastseen": "2020-12-09T19:58:19", "description": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.", "edition": 7, "cvss3": {}, "published": "2014-05-31T11:17:00", "title": "CVE-2014-0119", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0119"], "modified": "2019-04-15T16:29:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:7.0.50", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:7.0.40", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:7.0.35", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:7.0.29", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:7.0.52", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.42", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:7.0.32", "cpe:/a:apache:tomcat:7.0.41", "cpe:/a:apache:tomcat:7.0.49", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:7.0.36", "cpe:/a:apache:tomcat:8.0.3", "cpe:/a:apache:tomcat:8.0.0", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.37", "cpe:/a:apache:tomcat:7.0.46", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.48", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.24", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:7.0.44", "cpe:/a:apache:tomcat:7.0.27", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.45", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:8.0.5", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.38", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:7.0.26", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.33", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.53", "cpe:/a:apache:tomcat:7.0.39", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.47", "cpe:/a:apache:tomcat:7.0.34", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:7.0.31", "cpe:/a:apache:tomcat:8.0.1", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:7.0.43"], "id": "CVE-2014-0119", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0119", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:02", "bulletinFamily": "software", "cvelist": ["CVE-2014-0119"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, or does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the ARX GUI only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-14T00:00:00", "published": "2014-07-17T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15429.html", "id": "SOL15429", "title": "SOL15429 - Apache Tomcat vulnerability CVE-2014-0119", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0119"], "description": "\r\n\r\nCVE-2014-0119 Information Disclosure\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Apache Tomcat 8.0.0-RC1 to 8.0.5\r\n- Apache Tomcat 7.0.0 to 7.0.53\r\n- Apache Tomcat 6.0.0 to 6.0.39\r\n\r\nDescription:\r\nIn limited circumstances it was possible for a malicious web application\r\nto replace the XML parsers used by Tomcat to process XSLTs for the\r\ndefault servlet, JSP documents, tag library descriptors (TLDs) and tag\r\nplugin configuration files. The injected XMl parser(s) could then bypass\r\nthe limits imposed on XML external entities and/or have visibility of\r\nthe XML files processed for other web applications deployed on the same\r\nTomcat instance.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- Upgrade to Apache Tomcat 8.0.8 or later\r\n (8.0.6 and 8.0.7 contain the fix but were not released)\r\n- Upgrade to Apache Tomcat 7.0.54 or later\r\n- Upgrade to Apache Tomcat 6.0.41 or later\r\n (6.0.40 contains the fix but was not released)\r\n\r\nCredit:\r\nThis issue was identified by the Tomcat security team.\r\n\r\nReferences:\r\n[1] http://tomcat.apache.org/security-8.html\r\n[2] http://tomcat.apache.org/security-7.html\r\n[3] http://tomcat.apache.org/security-6.html\r\n\r\n", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:DOC:30756", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30756", "title": "[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0096", "CVE-2014-0075", "CVE-2014-0095"], "description": "DoS, information leakage.", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:VULN:13783", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13783", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-6495", "CVE-2014-6506", "CVE-2014-6500", "CVE-2014-2478", "CVE-2014-6564", "CVE-2014-6482", "CVE-2014-6536", "CVE-2014-6544", "CVE-2014-6558", "CVE-2014-6516", "CVE-2014-6560", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-4301", "CVE-2014-6463", "CVE-2014-6515", "CVE-2014-6460", "CVE-2014-6554", "CVE-2014-6539", "CVE-2014-4292", "CVE-2014-6487", "CVE-2014-6538", "CVE-2014-6493", "CVE-2014-4280", "CVE-2014-6488", "CVE-2014-4282", "CVE-2014-6519", "CVE-2014-2472", "CVE-2014-6466", "CVE-2014-6517", "CVE-2014-6471", "CVE-2014-6501", "CVE-2014-6504", "CVE-2014-6534", "CVE-2014-6455", "CVE-2014-6459", "CVE-2014-6502", "CVE-2014-6472", "CVE-2014-0224", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-4284", "CVE-2014-6484", "CVE-2014-6476", "CVE-2014-6479", "CVE-2014-6535", "CVE-2014-6507", "CVE-2014-6503", "CVE-2014-6490", "CVE-2014-6557", "CVE-2014-6542", "CVE-2014-6454", "CVE-2014-4295", "CVE-2014-4291", "CVE-2014-6469", "CVE-2014-4278", "CVE-2014-6537", "CVE-2014-6486", "CVE-2014-6496", "CVE-2013-1741", "CVE-2014-6555", "CVE-2014-2476", "CVE-2014-6529", "CVE-2014-6562", "CVE-2014-4293", "CVE-2014-6511", "CVE-2014-6475", "CVE-2014-6485", "CVE-2014-6559", "CVE-2014-6470", "CVE-2014-4274", "CVE-2014-4294", "CVE-2014-6531", "CVE-2014-0119", "CVE-2014-6456", "CVE-2014-6547", "CVE-2014-2880", "CVE-2014-0114", "CVE-2014-4310", "CVE-2014-6543", "CVE-2014-6464", "CVE-2014-6468", "CVE-2014-4297", "CVE-2014-0050", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-6533", "CVE-2014-4276", "CVE-2014-4277", "CVE-2014-4288", "CVE-2014-6550", "CVE-2014-4296", "CVE-2014-4290", "CVE-2014-6478", "CVE-2014-6553", "CVE-2014-6483", "CVE-2014-6473", "CVE-2014-2475", "CVE-2014-4300", "CVE-2014-6546", "CVE-2014-6465", "CVE-2014-4299", "CVE-2014-6491", "CVE-2014-6508", "CVE-2014-4289", "CVE-2014-6453", "CVE-2014-2473", "CVE-2014-4285", "CVE-2014-6522", "CVE-2012-5615", "CVE-2014-6467", "CVE-2014-6523", "CVE-2014-6452", "CVE-2014-6513", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-2474", "CVE-2014-6563", "CVE-2014-6545", "CVE-2014-4281", "CVE-2014-4275", "CVE-2014-4287", "CVE-2014-6552", "CVE-2014-6540", "CVE-2014-6494", "CVE-2014-6461", "CVE-2014-4283", "CVE-2014-6527", "CVE-2014-6462", "CVE-2014-6561", "CVE-2014-4298", "CVE-2014-6499", "CVE-2014-6512", "CVE-2014-6498", "CVE-2014-6497"], "description": "Quarterly update covers 138 different vulnerabilities.", "edition": 1, "modified": "2014-11-03T00:00:00", "published": "2014-11-03T00:00:00", "id": "SECURITYVULNS:VULN:14031", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14031", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0119"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Tomcat must be restarted\nfor this update to take effect.\n", "modified": "2018-04-12T03:33:25", "published": "2014-08-07T04:00:00", "id": "RHSA-2014:1034", "href": "https://access.redhat.com/errata/RHSA-2014:1034", "type": "redhat", "title": "(RHSA-2014:1034) Low: tomcat security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4590", "CVE-2014-0119"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "modified": "2018-06-06T20:24:16", "published": "2014-08-11T04:00:00", "id": "RHSA-2014:1038", "href": "https://access.redhat.com/errata/RHSA-2014:1038", "type": "redhat", "title": "(RHSA-2014:1038) Low: tomcat6 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:31", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "modified": "2019-02-20T17:16:53", "published": "2014-07-07T18:40:34", "id": "RHSA-2014:0842", "href": "https://access.redhat.com/errata/RHSA-2014:0842", "type": "redhat", "title": "(RHSA-2014:0842) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:06", "published": "2014-07-07T04:00:00", "id": "RHSA-2014:0843", "href": "https://access.redhat.com/errata/RHSA-2014:0843", "type": "redhat", "title": "(RHSA-2014:0843) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:46", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0231"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes.\n\nThe following security issues are also fixed with this release:\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the \"DEFLATE\" input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Tomcat instance. (CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server\nprocess must be restarted for this update to take effect.\n", "modified": "2018-08-09T19:46:59", "published": "2014-08-21T04:00:00", "id": "RHSA-2014:1088", "href": "https://access.redhat.com/errata/RHSA-2014:1088", "type": "redhat", "title": "(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:33:31", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4590", "CVE-2014-0118", "CVE-2014-0119", "CVE-2014-0226", "CVE-2014-0227", "CVE-2014-0231"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes.\n\nThe following security issues are also fixed with this release:\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd's mod_deflate module\nhandled request body decompression (configured via the \"DEFLATE\" input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way httpd's mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Tomcat instance. (CVE-2014-0119)\n\nAll users of Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 6\nare advised to upgrade to Red Hat JBoss Web Server 2.1.0. The JBoss server\nprocess must be restarted for this update to take effect.", "modified": "2018-06-07T02:42:48", "published": "2014-08-21T19:24:12", "id": "RHSA-2014:1087", "href": "https://access.redhat.com/errata/RHSA-2014:1087", "type": "redhat", "title": "(RHSA-2014:1087) Important: Red Hat JBoss Web Server 2.1.0 update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0058", "CVE-2014-0059", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-3481"], "description": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.2.1. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the security audit functionality, provided by Red Hat\nJBoss Data Grid, logged request parameters in plain text. This may have\ncaused passwords to be included in the audit log files when using BASIC or\nFORM-based authentication. A local attacker with access to audit log files\ncould possibly use this flaw to obtain application or server authentication\ncredentials. Refer to the Solution section of this advisory for additional\ninformation on the fix for this issue. (CVE-2014-0058)\n\nIt was found that the security auditing functionality provided by PicketBox\nand JBossSX, both security frameworks for Java applications, used a\nworld-readable audit.log file to record sensitive information. A local user\ncould possibly use this flaw to gain access to the sensitive information in\nthe audit.log file. (CVE-2014-0059)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Data Grid 6.2.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.0.", "modified": "2019-02-20T17:17:15", "published": "2014-07-16T21:02:12", "id": "RHSA-2014:0895", "href": "https://access.redhat.com/errata/RHSA-2014:0895", "type": "redhat", "title": "(RHSA-2014:0895) Moderate: Red Hat JBoss Data Grid 6.3.0 update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3577"], "description": "Red Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems-such as multiple databases, XML\nfiles, and even Hadoop systems-appear as a set of tables in a local\ndatabase.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Data\nVirtualization 6.0.0. It includes various bug fixes, which are listed in\nthe README file included with the patch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,\n8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content\nlength header\n\nCVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal\nEntity (XXE)\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter \n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, and Alexander Papadakis for reporting CVE-2014-3530.\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product\nSecurity, the CVE-2014-0075 and CVE-2014-3490 issues were discovered by\nDavid Jorm of Red Hat Product Security, and the CVE-2014-3481 issue was\ndiscovered by the Red Hat JBoss Enterprise Application Platform QE team.\n\nAll users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "modified": "2019-02-20T17:21:42", "published": "2015-03-31T20:57:22", "id": "RHSA-2015:0765", "href": "https://access.redhat.com/errata/RHSA-2015:0765", "type": "redhat", "title": "(RHSA-2015:0765) Important: Red Hat JBoss Data Virtualization 6.0.0 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0005", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3472", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3558", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3625"], "description": "Red Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse\nService Works 6.0.0. It includes various bug fixes, which are listed in the\nREADME file included with the patch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3481 jboss-as-jaxrs: JBoss AS JAX-RS: Information disclosure via\nXML eXternal Entity (XXE)\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue; CA Technologies for reporting the CVE-2014-3472\nissue; and Alexander Papadakis for reporting the CVE-2014-3530 issue. The\nCVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product\nSecurity; the CVE-2014-0005 issue was discovered by Josef Cacek of the Red\nHat JBoss EAP Quality Engineering team; the CVE-2014-3481 issue was\ndiscovered by the Red Hat JBoss Enterprise Application Platform QE team;\nand the CVE-2014-0075 and CVE-2014-3490 issues were discovered by David\nJorm of Red Hat Product Security.\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "modified": "2019-02-20T17:23:57", "published": "2015-03-25T00:57:38", "id": "RHSA-2015:0720", "href": "https://access.redhat.com/errata/RHSA-2015:0720", "type": "redhat", "title": "(RHSA-2015:0720) Important: Red Hat JBoss Fuse Service Works 6.0.0 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:32:18", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-4517", "CVE-2013-5855", "CVE-2014-0059", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3623", "CVE-2014-7839", "CVE-2014-8122"], "description": "Red Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems\u2014such as multiple databases, XML\nfiles, and even Hadoop systems\u2014appear as a set of tables in a local\ndatabase.\n\nThe release of Red Hat JBoss Data Virtualization 6.1.0 serves as a\nreplacement for Red Hat JBoss Data Virtualization 6.0.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,\n8017298)\n\nCVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature\nDoS Attack\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0059 JBossSX/PicketBox: World readable audit.log file\n\nCVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content\nlength header\n\nCVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal\nEntity (XXE)\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics\nenforcement of SAML SubjectConfirmation methods\n\nCVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider\n\nCVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread\nstate\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, Alexander Papadakis for reporting CVE-2014-3530, and Rune\nSteinseth of JProfessionals for reporting CVE-2014-8122. The CVE-2012-6153\nissue was discovered by Florian Weimer of Red Hat Product Security, the\nCVE-2014-0075 and CVE-2014-3490 issues were discovered by David Jorm of Red\nHat Product Security, and the CVE-2014-3481 issue was discovered by the Red\nHat JBoss Enterprise Application Platform QE team.\n\nAll users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "modified": "2019-02-20T17:19:46", "published": "2015-03-11T20:43:55", "id": "RHSA-2015:0675", "href": "https://access.redhat.com/errata/RHSA-2015:0675", "type": "redhat", "title": "(RHSA-2015:0675) Important: Red Hat JBoss Data Virtualization 6.1.0 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:16", "bulletinFamily": "info", "cvelist": ["CVE-2014-0119"], "description": "### *Detect date*:\n05/31/2014\n\n### *Severity*:\nWarning\n\n### *Description*:\nAn improper class constriction vulnerability was found in Apache Tomcat. By exploiting this vulnerability malicious users can read arbitrary files. This vulnerability can be exploited from the network at a point related to the XML parser via a specially designed web application.\n\n### *Affected products*:\nApache Tomcat versions 6.0.40 and earlier \nApache Tomcat 7 versions 7.0.53 and earlier \nApache Tomcat 8 versions 8.0.5 and earlier \n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Apache changelog](<http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54>) \n\n\n### *Impacts*:\nRLF \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2014-0119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119>)4.3Warning", "edition": 39, "modified": "2020-05-22T00:00:00", "published": "2014-05-31T00:00:00", "id": "KLA10070", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10070", "title": "\r KLA10070RLF vulnerability in Apache Tomcat ", "type": "kaspersky", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-09-25T08:56:10", "description": "From Red Hat Security Advisory 2014:1034 :\n\nUpdated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.", "edition": 19, "published": "2014-08-08T00:00:00", "title": "Oracle Linux 7 : tomcat (ELSA-2014-1034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "modified": "2014-08-08T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-lib", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:tomcat-webapps"], "id": "ORACLELINUX_ELSA-2014-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/77077", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1034 and \n# Oracle Linux Security Advisory ELSA-2014-1034 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77077);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_bugtraq_id(65768, 67667, 67668, 67669, 67671);\n script_xref(name:\"RHSA\", value:\"2014:1034\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2014-1034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1034 :\n\nUpdated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-August/004343.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.42-8.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T19:09:30", "description": "According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.54. It is,\ntherefore, affected by an information disclosure vulnerability.\n\nAn error exists that allows undesired XML parsers to be injected into\nthe application by a malicious web application, allows the bypassing\nof security controls, and allows the processing of external XML\nentities.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2014-05-30T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.54 XML Parser Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "modified": "2014-05-30T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_54.NASL", "href": "https://www.tenable.com/plugins/nessus/74247", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74247);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_bugtraq_id(67669);\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.54 XML Parser Information Disclosure\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.54. It is,\ntherefore, affected by an information disclosure vulnerability.\n\nAn error exists that allows undesired XML parsers to be injected into\nthe application by a malicious web application, allows the bypassing\nof security controls, and allows the processing of external XML\nentities.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.54\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:29:43", "description": "Updated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.", "edition": 23, "published": "2014-08-08T00:00:00", "title": "CentOS 7 : tomcat (CESA-2014:1034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "modified": "2014-08-08T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-webapps", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-admin-webapps"], "id": "CENTOS_RHSA-2014-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/77060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1034 and \n# CentOS Errata and Security Advisory 2014:1034 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77060);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_xref(name:\"RHSA\", value:\"2014:1034\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2014:1034)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9fb9bc1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0119\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.42-8.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.42-8.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T19:09:32", "description": "According to its self-reported version number, the instance of Apache\nTomcat 8.0.x listening on the remote host is a version prior to 8.0.5.\nIt is, therefore, affected by an information disclosure vulnerability.\nAn error exists that allows undesired XML parsers to be injected into\nthe application by a malicious web application, the bypassing security\ncontrols, and the processing of external XML entities.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2014-05-30T00:00:00", "title": "Apache Tomcat 8.0.x < 8.0.6 XML Parser Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "modified": "2014-05-30T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_0_8.NASL", "href": "https://www.tenable.com/plugins/nessus/74249", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74249);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_bugtraq_id(67669);\n\n script_name(english:\"Apache Tomcat 8.0.x < 8.0.6 XML Parser Information Disclosure\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 8.0.x listening on the remote host is a version prior to 8.0.5.\nIt is, therefore, affected by an information disclosure vulnerability.\nAn error exists that allows undesired XML parsers to be injected into\nthe application by a malicious web application, the bypassing security\ncontrols, and the processing of external XML entities.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.0.8 or later.\n\nNote that while version 8.0.6 fixes these issues, that version as well\nas 8.0.7 were not officially released, and the vendor recommends\nupgrading to 8.0.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 8.0.6 and 8.0.7\n# are not affected, but were not released\ntomcat_check_version(fixed:\"8.0.6\", min:\"8.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^8(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-25T09:15:26", "description": "Updated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.", "edition": 23, "published": "2014-08-08T00:00:00", "title": "RHEL 7 : tomcat (RHSA-2014:1034)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "modified": "2014-08-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat"], "id": "REDHAT-RHSA-2014-1034.NASL", "href": "https://www.tenable.com/plugins/nessus/77082", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1034. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77082);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2014-0119\");\n script_xref(name:\"RHSA\", value:\"2014:1034\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2014:1034)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in\nthe References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0119\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1034\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.42-8.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.42-8.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:33:46", "description": "The version of Oracle Enterprise Data Quality running on the remote\nhost is affected by multiple vulnerabilities :\n\n - A flaw in Apache Commons BeanUtils allows a remote\n attacker to execute arbitrary code by manipulating the\n ClassLoader. (CVE-2014-0114)\n\n - A flaw in Apache Tomcat allows a remote attacker to\n replace the XML parsers and thereby gain access to\n sensitive information. (CVE-2014-0119)", "edition": 26, "published": "2014-10-30T00:00:00", "title": "Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2014-0114"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_EDQ_OCT_2014_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/78749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78749);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0114\", \"CVE-2014-0119\");\n script_bugtraq_id(67121, 67669);\n\n script_name(english:\"Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)\");\n script_summary(english:\"Checks the versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Data Quality running on the remote\nhost is affected by multiple vulnerabilities :\n\n - A flaw in Apache Commons BeanUtils allows a remote\n attacker to execute arbitrary code by manipulating the\n ClassLoader. (CVE-2014-0114)\n\n - A flaw in Apache Tomcat allows a remote attacker to\n replace the XML parsers and thereby gain access to\n sensitive information. (CVE-2014-0119)\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ada40cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2014 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_edq_director_detect.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Data Quality Director\");\n script_require_ports(\"Services/www\", 9002);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:9002);\n\napp_name = \"Oracle Enterprise Data Quality Director\";\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE, port:port);\nversion = install[\"version\"];\npath = install[\"path\"];\n\nitem = eregmatch(pattern:\"^([0-9.]+[0-9])\\.?([^0-9.]|$)\", string:version);\n# should never happen\nif (isnull(item) || isnull(item[1])) exit(1, \"Error parsing version string : \" + version);\nchk_ver = item[1];\n\nfix = \"\";\n\nif (\n chk_ver =~ \"^9\\.0\\.\" &&\n ver_compare(ver:chk_ver, fix:\"9.0.11\", strict:FALSE) == -1\n) fix = \"9.0.11\";\n\n# Looks like Oracle mis-published the patch for this\n# Leaving check out until the correct patch is published\n#if (version =~ \"^8\\.1\\.\" &&\n# ver_compare(ver:version, fix:\"8.1.12\", strict:FALSE) == -1)\n# fix = \"8.1.12\";\n\nif (fix != \"\")\n{\n if (report_verbosity > 0)\n {\n report += \n '\\n URL : ' + build_url(port:port, qs:path) +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T08:56:10", "description": "From Red Hat Security Advisory 2014:1038 :\n\nUpdated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "edition": 19, "published": "2014-08-12T00:00:00", "title": "Oracle Linux 6 : tomcat6 (ELSA-2014-1038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "modified": "2014-08-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api"], "id": "ORACLELINUX_ELSA-2014-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/77137", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1038 and \n# Oracle Linux Security Advisory ELSA-2014-1038 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77137);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n script_bugtraq_id(65768, 67669);\n script_xref(name:\"RHSA\", value:\"2014:1038\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2014-1038)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1038 :\n\nUpdated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-August/004353.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-78.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-25T09:15:26", "description": "Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "edition": 22, "published": "2014-08-12T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2014:1038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "modified": "2014-08-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api"], "id": "REDHAT-RHSA-2014-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/77141", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1038. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77141);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n script_bugtraq_id(65768, 67669);\n script_xref(name:\"RHSA\", value:\"2014:1038\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2014:1038)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4590\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1038\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-78.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-78.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:29:43", "description": "Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.", "edition": 23, "published": "2014-08-12T00:00:00", "title": "CentOS 6 : tomcat6 (CESA-2014:1038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "modified": "2014-08-12T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-webapps", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6"], "id": "CENTOS_RHSA-2014-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/77121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1038 and \n# CentOS Errata and Security Advisory 2014:1038 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77121);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n script_bugtraq_id(65768, 67669);\n script_xref(name:\"RHSA\", value:\"2014:1038\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2014:1038)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-August/020481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e531a872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4590\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-78.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-25T09:50:17", "description": "It was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nTomcat must be restarted for this update to take effect.", "edition": 14, "published": "2014-08-12T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140811)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "modified": "2014-08-12T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api"], "id": "SL_20140811_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/77144", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77144);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140811)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that several application-provided XML files, such as\nweb.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external\nentities, permitting XML External Entity (XXE) attacks. An attacker\nable to deploy malicious applications to Tomcat could use this flaw to\ncircumvent security restrictions set by the JSM, and gain access to\nsensitive information on the system. Note that this flaw only affected\ndeployments in which Tomcat is running applications from untrusted\nsources, such as in a shared hosting environment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache\nTomcat to process XSLTs for the default servlet, JSP documents, tag\nlibrary descriptors (TLDs), and tag plug-in configuration files. The\ninjected XML parser(s) could then bypass the limits imposed on XML\nexternal entities and/or gain access to the XML files processed for\nother web applications deployed on the same Apache Tomcat instance.\n(CVE-2014-0119)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=709\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67152a53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-78.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-78.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:27:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0119"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1034\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Tomcat must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032516.html\n\n**Affected packages:**\ntomcat\ntomcat-admin-webapps\ntomcat-docs-webapp\ntomcat-el-2.2-api\ntomcat-javadoc\ntomcat-jsp-2.2-api\ntomcat-jsvc\ntomcat-lib\ntomcat-servlet-3.0-api\ntomcat-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1034.html", "edition": 3, "modified": "2014-08-07T18:48:52", "published": "2014-08-07T18:48:52", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/032516.html", "id": "CESA-2014:1034", "title": "tomcat security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-20T18:29:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1038\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032519.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1038.html", "edition": 3, "modified": "2014-08-11T18:04:13", "published": "2014-08-11T18:04:13", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/032519.html", "id": "CESA-2014:1038", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "description": "This host is running Apache Tomcat and is\n prone to information disclosure vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2014-11-28T00:00:00", "id": "OPENVAS:1361412562310805019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805019", "type": "openvas", "title": "Apache Tomcat XML External Entity Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat XML External Entity Information Disclosure Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805019\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-11-28 19:52:03 +0530 (Fri, 28 Nov 2014)\");\n script_name(\"Apache Tomcat XML External Entity Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59732\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is\n prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an application does\n not properly constrain the class loader that accesses the XML parser used\n with an XSLT stylesheet\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to read arbitrary files via a crafted web application that provides\n an XML external entity declaration in conjunction with an entity reference.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 6.0.40, 7.0.54, 8.0.6 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.39\" ) ||\n version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.53\" ) ||\n version_in_range( version:vers, test_version:\"8.0.0.RC1\", test_version2:\"8.0.5\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.0.40/7.0.53/8.0.5\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T18:58:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "description": "Oracle Linux Local Security Checks ELSA-2014-1034", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123338", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1034", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123338\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:27 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1034\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1034 - tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1034\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1034.html\");\n script_cve_id(\"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.42~8.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:01:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2014-09-10T00:00:00", "id": "OPENVAS:1361412562310882020", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882020", "type": "openvas", "title": "CentOS Update for tomcat CESA-2014:1034 centos7", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882020\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-09-10 06:20:46 +0200 (Wed, 10 Sep 2014)\");\n script_cve_id(\"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for tomcat CESA-2014:1034 centos7\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Tomcat must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"CESA\", value:\"2014:1034\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020478.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.42~8.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:02:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2014-08-08T00:00:00", "id": "OPENVAS:1361412562310871223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871223", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2014:1034-01", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871223\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:01:55 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for tomcat RHSA-2014:1034-01\");\n\n\n script_tag(name:\"affected\", value:\"tomcat on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Tomcat must be restarted\nfor this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1034-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00016.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.42~8.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:01:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2014-08-12T00:00:00", "id": "OPENVAS:1361412562310881986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881986", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2014:1038 centos6", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881986\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-12 05:55:52 +0200 (Tue, 12 Aug 2014)\");\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for tomcat6 CESA-2014:1038 centos6\");\n\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1038\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-August/020481.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~78.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:01:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2014-08-12T00:00:00", "id": "OPENVAS:1361412562310871225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871225", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2014:1038-01", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871225\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-12 05:55:28 +0200 (Tue, 12 Aug 2014)\");\n script_cve_id(\"CVE-2013-4590\", \"CVE-2014-0119\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for tomcat6 RHSA-2014:1038-01\");\n\n\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Apache Tomcat\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Apache Tomcat instance. (CVE-2014-0119)\n\nAll Tomcat users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1038-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-August/msg00018.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~78.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~78.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~78.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~78.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~78.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T18:59:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0119", "CVE-2013-4590"], "description": "Oracle Linux Local Security Checks ELSA-2014-1038", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123334", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1038", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123334\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:02:25 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1038\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1038 - tomcat6 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1038\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1038.html\");\n script_cve_id(\"CVE-2014-0119\", \"CVE-2013-4590\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~78.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0227", "CVE-2014-0230", "CVE-2014-0119", "CVE-2014-7810"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-26T00:00:00", "id": "OPENVAS:1361412562310842260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842260", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-2654-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat7 USN-2654-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842260\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:24:39 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2014-0119\", \"CVE-2014-0227\", \"CVE-2014-0230\", \"CVE-2014-7810\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat7 USN-2654-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat XML\nparser incorrectly handled XML External Entities (XXE). A remote attacker could\npossibly use this issue to read arbitrary files. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-0119)\n\nIt was discovered that Tomcat incorrectly handled data with malformed\nchunked transfer coding. A remote attacker could possibly use this issue to\nconduct HTTP request smuggling attacks, or cause Tomcat to consume\nresources, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS. (CVE-2014-0227)\n\nIt was discovered that Tomcat incorrectly handled HTTP responses occurring\nbefore the entire request body was finished being read. A remote attacker\ncould possibly use this issue to cause memory consumption, resulting in a\ndenial of service. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2014-0230)\n\nIt was discovered that the Tomcat Expression Language (EL) implementation\nincorrectly handled accessible interfaces implemented by inaccessible\nclasses. An attacker could possibly use this issue to bypass a\nSecurityManager protection mechanism. (CVE-2014-7810)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2654-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2654-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.55-1ubuntu0.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0119", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706", "CVE-2014-0096"], "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.", "modified": "2019-03-18T00:00:00", "published": "2016-04-17T00:00:00", "id": "OPENVAS:1361412562310703552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703552", "type": "openvas", "title": "Debian Security Advisory DSA 3552-1 (tomcat7 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3552.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3552-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703552\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2014-0096\", \"CVE-2014-0119\", \"CVE-2015-5174\", \"CVE-2015-5345\",\n \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-0763\");\n script_name(\"Debian Security Advisory DSA 3552-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-17 00:00:00 +0200 (Sun, 17 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3552.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8|9)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 7.0.28-4+deb7u4. This update also fixes\nCVE-2014-0119 and CVE-2014-0096 .\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version\nusing the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.28-4+deb7u4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.68-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:55:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0119", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706", "CVE-2014-0096"], "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.", "modified": "2017-07-07T00:00:00", "published": "2016-04-17T00:00:00", "id": "OPENVAS:703552", "href": "http://plugins.openvas.org/nasl.php?oid=703552", "type": "openvas", "title": "Debian Security Advisory DSA 3552-1 (tomcat7 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3552.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3552-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703552);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2014-0096\", \"CVE-2014-0119\", \"CVE-2015-5174\", \"CVE-2015-5345\",\n \"CVE-2015-5346\", \"CVE-2015-5351\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-0763\");\n script_name(\"Debian Security Advisory DSA 3552-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-04-17 00:00:00 +0200 (Sun, 17 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3552.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet\nand the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a\n'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 7.0.28-4+deb7u4. This update also fixes\nCVE-2014-0119 and CVE-2014-0096 .\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in information\ndisclosure, the bypass of CSRF protections and bypass of the SecurityManager.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version\nusing the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.28-4+deb7u4\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.68-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0227", "CVE-2014-0119", "CVE-2013-4590"], "description": "[0:6.0.24-78]\n- Related: CVE-2013-4590 - remove xml schema names javaee_5,\n- javaee_web_services_1_2, and javaee_web_services_1_2_client\n- from descriptor.DigesterFactory initialization. These\n- schema definitions are not relevant to 6.0.24 as the version\n- of their spec did not exist at the time.\n[0:6.0.24-77]\n- Resolves: CVE-2014-0227\n[0:6.0.24-76]\n- Related: CVE-2013-4590 incrementing release. added\n- excludearch to the spec file for ppc and ppc64. building\n- on ppc produces empty javadoc files.\n[0:6.0.24-74]\n- Related: CVE-2013-4590 incrementing release\n[0:6.0.24-73]\n- Resolves: CVE-2013-4590\n- Resolves: CVE-2014-0119", "edition": 4, "modified": "2014-08-11T00:00:00", "published": "2014-08-11T00:00:00", "id": "ELSA-2014-1038", "href": "http://linux.oracle.com/errata/ELSA-2014-1038.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075"], "description": "[0:7.0.42-8]\n- Resolves: CVE-2013-4590\n- Resolves: CVE-2014-0119\n[0:7.0.42-7]\n- Related: CVE-2014-0099 incrementing release so rpmdiff doesn't complain about\n- no new entries in the changelog\n[0:7.0.42-6]\n- Resolves: CVE-2014-0099 Fix possible overflow when parsing\n- long values from byte array\n- Resolves: CVE-2014-0096 Information discloser process XSLT\n- files not subject to same constraint running under\n- java security manager\n- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.", "edition": 4, "modified": "2014-08-07T00:00:00", "published": "2014-08-07T00:00:00", "id": "ELSA-2014-1034", "href": "http://linux.oracle.com/errata/ELSA-2014-1034.html", "title": "tomcat security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:45", "bulletinFamily": "info", "cvelist": ["CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "description": "Apache recently patched [Tomcat](<http://tomcat.apache.org/>), fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container.\n\nThe denial of service bug, discovered in February by David Jorm of the Red Hat Security Response Team, could have allowed an attacker to create a malformed chunk size as part of a chunked request that would\u2019ve allowed an unlimited amount of data to be streamed to the server. This would have bypassed the size limits enforced on a request and triggered a denial of service condition.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2013/04/07053808/apache_tomcat.jpg>)The information disclosure bugs \u2013 all discovered by Tomcat\u2019s security team \u2013 could have basically allowed an attacker to bypass limits set by the software.\n\nThe first one (CVE-2014-0096) could\u2019ve let a malicious web app bypass the file access constraints set by the security manager by using external XML entries. The second (CVE-2014-0119) could\u2019ve allowed the same thing, the bypass of limits set on XML external identities, but also allowed the visibility of the XML files processed for other web apps deployed on the same Tomcat instance.\n\nThe last information disclosure bug (CVE-2014-0099) dealt with a problem in the way the code used to parse the request content length header. It didn\u2019t check for overflow when all was said and done. This led to a request smuggling vulnerability when the web server was behind a reverse proxy that correctly processed the content length header. Request smuggling vulnerabilities, when submitted data is incompletely parsed through a HTTP system as a proxy, can be tricky and lead to a handful of other attacks like cache poisoning, session hijacking and cross-site scripting (XSS) attacks.\n\nThe information disclosure bugs, while discovered in February, March and April, were not made public until Tuesday, along with the denial of service issue.\n\nUsers of vulnerable versions, [8.0.0-RC1 to 8.0.3](<http://tomcat.apache.org/security-8.html>), [7.0.0 to 7.0.52](<http://tomcat.apache.org/security-7.html>), and [6.0.0 to 6.0.39](<http://tomcat.apache.org/security-6.html>), are being encouraged to update to the most recent builds to mitigate the bugs.\n", "modified": "2014-05-30T16:31:25", "published": "2014-05-30T12:31:25", "id": "THREATPOST:2CC2BD1F67B44EC21DA3B6C9FFFE676C", "href": "https://threatpost.com/apache-patches-dos-information-disclosure-bugs-in-tomcat/106382/", "type": "threatpost", "title": "Apache Patches Bugs in Tomcat", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0227", "CVE-2014-0230", "CVE-2014-0119", "CVE-2014-7810"], "description": "It was discovered that the Tomcat XML parser incorrectly handled XML \nExternal Entities (XXE). A remote attacker could possibly use this issue to \nread arbitrary files. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2014-0119)\n\nIt was discovered that Tomcat incorrectly handled data with malformed \nchunked transfer coding. A remote attacker could possibly use this issue to \nconduct HTTP request smuggling attacks, or cause Tomcat to consume \nresources, resulting in a denial of service. This issue only affected \nUbuntu 14.04 LTS. (CVE-2014-0227)\n\nIt was discovered that Tomcat incorrectly handled HTTP responses occurring \nbefore the entire request body was finished being read. A remote attacker \ncould possibly use this issue to cause a limited denial of service. This \nissue only affected Ubuntu 14.04 LTS. (CVE-2014-0230)\n\nIt was discovered that the Tomcat Expression Language (EL) implementation \nincorrectly handled accessible interfaces implemented by inaccessible \nclasses. An attacker could possibly use this issue to bypass a \nSecurityManager protection mechanism. (CVE-2014-7810)", "edition": 5, "modified": "2015-06-25T00:00:00", "published": "2015-06-25T00:00:00", "id": "USN-2654-1", "href": "https://ubuntu.com/security/notices/USN-2654-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-08-12T00:58:07", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5351", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0119", "CVE-2015-5346", "CVE-2015-5174", "CVE-2016-0706", "CVE-2014-0096"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3552-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 17, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 \n CVE-2016-0706 CVE-2016-0714 CVE-2016-0763\n\nMultiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure,\nthe bypass of CSRF protections and bypass of the SecurityManager.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119 and\nCVE-2014-0096.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 13, "modified": "2016-04-17T18:44:44", "published": "2016-04-17T18:44:44", "id": "DEBIAN:DSA-3552-1:E23CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00128.html", "title": "[SECURITY] [DSA 3552-1] tomcat7 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5351", "CVE-2014-0227", "CVE-2014-0230", "CVE-2016-0714", "CVE-2015-5345", "CVE-2016-0763", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2015-5346", "CVE-2013-4286", "CVE-2015-5174", "CVE-2013-4590", "CVE-2014-7810", "CVE-2016-0706", "CVE-2014-0096", "CVE-2014-0075", "CVE-2014-0033"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3530-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 25, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nCVE ID : CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 \n CVE-2014-0075 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119\n CVE-2014-0227 CVE-2014-0230 CVE-2014-7810 CVE-2015-5174\n CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706\n CVE-2016-0714 CVE-2016-0763\n\nMultiple security vulnerabilities have been fixed in the Tomcat servlet\nand JSP engine, which may result on bypass of security manager\nrestrictions, information disclosure, denial of service or session\nfixation.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2016-03-25T18:48:21", "published": "2016-03-25T18:48:21", "id": "DEBIAN:DSA-3530-1:6A530", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00104.html", "title": "[SECURITY] [DSA 3530-1] tomcat6 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2020-12-24T10:41:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-0033", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of Tomcat 8.x, 7.x, and 6.x are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to gain unauthorized read access or escalated privileges, or to conduct denial of service, HTTP request smuggling, or session fixation attacks. \n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Content Analysis System** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-0227, CVE-2014-0119, \nCVE-2014-0099, CVE-2014-0096, \nCVE-2014-0075, CVE-2014-0050 | 1.3 and later | Not vulnerable, fixed in 1.3.1.1 \n1.2 | Upgrade to 1.2.4.5. \n1.1 | Upgrade to later release with fixes. \nCVE-2014-0230 | 1.3 and later | Not vulnerable, fixed in 1.3.1.1 \n1.2 (not vulnerable to known vectors of attack) | Upgrade to 1.2.4.5. \n1.1 | Upgrade to later release with fixes. \nCVE-2014-7810 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.3 (not vulnerable to known vectors of attack) | Upgrade to 1.3.7.1. \n1.1, 1.2 | Upgrade to later release with fixes. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-7810, CVE-2014-0230, \nCVE-2014-0227 | 6.1 | Upgrade to 6.1.20.1. \n \n \n\n**IntelligenceCenter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2014-0095, \nCVE-2014-0050 | 3.3 | Upgrade to 3.3.3.1. \n3.2 | Upgrade to later release with fixes. \n \n \n\n**Management Center** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-0230, CVE-2014-0227 | 1.5 and later | Not vulnerable, fixed in 1.5.1.1. \n1.4 | Upgrade to 1.4.2.1. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2014-0095, \nCVE-2014-0050 | 11.0 | Not available at this time \n \n \n\nThe following products have a vulnerable version of Apache Tomcat, but are not vulnerable to known vectors of attack:\n\n**Advanced Secure Gateway** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-0227, CVE-2014-7810 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1. \nCVE-2014-0227 | 6.6 | Upgrade to 6.6.3.1. \nCVE-2014-7810 | 6.6 | Upgrade to 6.6.5.1. \n \n \n\n**Mail Threat Defense** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2014-7810 | 1.1 | Not available at this time \n \n### \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe Blue Coat HSM Agent for the SafeNet Luna SP is not vulnerable, but the agent does use the Apache Tomcat instance installed on the SafeNet Luna SP. Customers using the agent are advised to contact SafeNet for more information about these vulnerabilities.\n\nThese vulnerabilities can be exploited only through the management interfaces for CAS, Director, Management Center, and X-Series XOS. Limiting the machines and IP address that able to connect to the management interface reduces the threat significantly, and thereby reduces the CVSS v2 base scores for each of the CVEs. The adjusted CVSS v2 base scores and severity are:\n\n * CVE-2014-7810 - 3.3 (LOW) (AV:A/AC:L/Au:N/C:N/I:P/A:N)\n * CVE-2014-0230 - 6.1 (MEDIUM)) (AV:A/AC:L/Au:N/C:N/I:N/A:C)\n * CVE-2014-0227 - 4.8 (MEDIUM) (AV:A/AC:L/Au:N/C:N/I:P/A:P)\n * CVE-2014-0119 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:P/I:N/A:N)\n * CVE-2014-0099 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:N/I:P/A:N)\n * CVE-2014-0096 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:P/I:N/A:N)\n * CVE-2014-0095 - 3.3 (LOW) (AV:A/AC:L/Au:N/C:N/I:N/A:P)\n * CVE-2014-0075 - 3.3 (LOW) (AV:A/AC:L/Au:N/C:N/I:N/A:P)\n * CVE-2014-0050 - 3.3 (LOW) (AV:A/AC:L/Au:N/C:N/I:N/A:P)\n * CVE-2014-0033 - 2.9 (LOW) (AV:A/AC:M/Au:N/C:P/I:N/A:N)\n\nBlue Coat products do not enable or use all functionality within Apache Tomcat. Products that do not utilize or enable the functionality described in a CVE are not vulnerable to that CVE. However, fixes for those CVEs will be included in the patches that are provided. The following products include vulnerable versions of Apache Tomcat, but _do not use_ the functionality described in the CVEs and are not known to be vulnerable.\n\n * ASG: CVE-2014-0227, CVE-2014-7810\n * CAS: CVE-2014-7810 (1.1, 1.2, and 1.3), CVE-2014-0230 (1.1 and 1.2 only)\n * MTD: CVE-2014-7810\n * Management Center: CVE-2014-7810, CVE-2014-0119 (user supplied web applications are not supported)\n\nThe following products are not vulnerable: \n**Android Mobile Agent \nAuth Connector \nBCAAA \nCacheFlow \nClient Connector \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login Application \nIntelligenceCenter Data Collector \nK9 \nMalware Analysis Appliance \nMalware Analyzer G2 \nNorman Shark Industrial Control System Protection \nNorman Shark Network Protection \nNorman Shark SCADA Protection \nOPIC \nPacketShaper \nPacketShaper S-Series \nPolicyCenter** \n**PolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxyClient \nProxySG \nReporter \nSecurity Analytics Platform \nSSL Visibility \nUnified Agent \nWeb Isolation**\n\nThe following products are under investigation: \n**X-Series XOS 10.0.5, 9.7.8, and 9.6.11**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP. \n \n\n\n### ISSUES\n\n**CVE-2014-7810** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 74665](<https://www.securityfocus.com/bid/74665>) / NVD: [CVE-2014-7810](<https://nvd.nist.gov/vuln/detail/CVE-2014-7810>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to bypass the SecurityManager protection using a malicious web application. This vulnerability affects Blue Coat products that accept input from untrusted sources. \n \n \n\n**CVE-2014-0230** \n--- \n**Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) \n**References** | SecurityFocus: [BID 74475](<https://www.securityfocus.com/bid/74475>) / NVD: [CVE-2014-0230](<https://nvd.nist.gov/vuln/detail/CVE-2014-0230>) \n**Impact** | Denial of service \n**Description** | A flaw in the handling of HTTP responses allows an attacker to send a series of aborted uploads resulting in memory exhaustion that could lead to a crash or degraded operation \n \n \n\n**CVE-2014-0227** \n--- \n**Severity / CVSSv2** | Medium / 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) \n**References** | SecurityFocus: [BID 72717](<https://www.securityfocus.com/bid/72717>) / NVD: [CVE-2014-0227](<https://nvd.nist.gov/vuln/detail/CVE-2014-0227>) \n**Impact** | Security control bypass, denial of service \n**Description** | There exists a flaw in the handling of attempts to read data after an error has already occurred. An attacker can exploit this flaw to conduct HTTP request smuggling attacks or to cause a denial of service by streaming crafted data to the vulnerable host. \n \n \n\n**CVE-2014-0119** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 67669](<https://www.securityfocus.com/bid/67669>) / NVD: [CVE-2014-0119](<https://nvd.nist.gov/vuln/detail/CVE-2014-0119>) \n**Impact** | Information disclosure \n**Description** | A flaw allows an attacker to gain read access to unauthorized files using a crafted web application. \n \n \n\n**CVE-2014-0099** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n**References** | SecurityFocus: [BID 67668](<https://www.securityfocus.com/bid/67668>) / NVD: [CVE-2014-0099](<https://nvd.nist.gov/vuln/detail/CVE-2014-0099>) \n**Impact** | Security control bypass \n**Description** | A flaw allows an attacker to conduct HTTP request smuggling attacks using a crafted header when the Tomcat installation is behind a reverse proxy such as ProxySG. \n \n \n\n**CVE-2014-0096** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 67667](<https://www.securityfocus.com/bid/67667>) / NVD: [CVE-2014-0096](<https://nvd.nist.gov/vuln/detail/CVE-2014-0096>) \n**Impact** | Information disclosure \n**Description** | A flaw allows an attacker to bypass the SecurityManager protection using a crafted web application to read arbitrary files. \n \n \n\n**CVE-2014-0095** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 67673](<https://www.securityfocus.com/bid/67673>) / NVD: [CVE-2014-0095](<https://nvd.nist.gov/vuln/detail/CVE-2014-0095>) \n**Impact** | Denial of service \n**Description** | An input validation flaw allows an attacker to cause a denial of service. \n \n \n\n**CVE-2014-0075** \n--- \n**Severity / CVSSv2** | Medium / 7.5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 67671](<https://www.securityfocus.com/bid/67671>) / NVD: [CVE-2014-0075](<https://nvd.nist.gov/vuln/detail/CVE-2014-0075>) \n**Impact** | Denial of service \n**Description** | A flaw allows an attacker to cause a denial of service due to resource consumption. \n \n \n\n**CVE-2014-0050** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 65400](<https://www.securityfocus.com/bid/65400>) / NVD: [CVE-2014-0050](<https://nvd.nist.gov/vuln/detail/CVE-2014-0050>) \n**Impact** | Denial of service \n**Description** | A flaw allows an attacker to cause a denial of service. \n \n \n\n**CVE-2014-0033** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 65769](<https://www.securityfocus.com/bid/65769>) / NVD: [CVE-2014-0033](<https://nvd.nist.gov/vuln/detail/CVE-2014-0033>) \n**Impact** | Session hijacking \n**Description** | A flaw in handling of session IDs in a URL allows an attacker to conduct session fixation attacks. \n \n### \n\n### MITIGATION\n\nLimit access to management consoles to only the machines, IP addresses, or subnets that require access. \n \n\n\n### REFERENCES\n\nApache Tomcat 8.x vulnerabilities - <https://tomcat.apache.org/security-8.html> \nApache Tomcat 7.x vulnerabilities - <https://tomcat.apache.org/security-7.html> \nApache Tomcat 6.x vulnerabilities - <https://tomcat.apache.org/security-6.html> \n \n\n\n### REVISION\n\n2020-04-18 Advisory status moved to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2017-11-06 ASG 6.7 is not vulnerable because a fix is available in 6.7.2.1. \n2017-07-20 MC 1.10 is not vulnerable. \n2017-05-29 A fix for ASG is available in 6.6.5.1. \n2017-05-17 CAS 2.1 is not vulnerable. \n2017-03-30 MC 1.9 is not vulnerable. \n2017-02-15 MC 1.8 is not vulnerable. Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. \n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-15 MC 1.6 and 1.7 are not vulnerable. \n2016-09-15 ASG 6.6 has a vulnerable version of Apache Tomcat, but is not vulnerable to known vectors of attack. \n2016-08-12 A fix for all CVEs in CAS 1.3 is available in 1.3.7.1. \n2016-06-11 PolicyCenter S-Series is not vulnerable. \n2016-05-24 MC 1.5 is not vulnerable. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-05-06 A fix for MC 1.4 is available in 1.4.2.1. \n2016-05-02 A fix for IC 3.3 is available in 3.3.3.1. \n2016-04-25 MTD 1.1 and CAS 1.3 have vulnerable code for CVE-2014-7810, but are not vulnerable to known vectors of attack. Previously it was reported that a fix for CVE-2014-7810 in CAS is provided in 1.2.4.5. New information indicates that all CAS 1.2.x versions contain the vulnerable code for this CVE, but are not vulnerable to known vectors of attack. A patch will be provided in CAS 1.3. \n2015-10-01 CAS is vulnerable and a fix is available; CAS is not vulnerable to CVE-2014-0230 and CAS fix addresses all vulnerabilities \n2015-07-23 initial public release\n", "modified": "2020-04-18T21:50:20", "published": "2015-07-23T08:00:00", "id": "SMNTC-1329", "href": "", "type": "symantec", "title": "SA100 : Apache Tomcat Vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.41\"\n \n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.56\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2014-12-15T00:00:00", "id": "GLSA-201412-29", "href": "https://security.gentoo.org/glsa/201412-29", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2013-6449", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2013-2172", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2013-5605", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2013-1740", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-0099", "CVE-2013-6438", "CVE-2014-3470", "CVE-2014-2488", "CVE-2013-1739", "CVE-2014-4215", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-4209", "CVE-2013-6450", "CVE-2014-4245", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2461", "CVE-2014-1490", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4286", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-0195", "CVE-2014-4269", "CVE-2014-0198", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-0096", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-0075", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-1491", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-0221", "CVE-2014-2491", "CVE-2014-2495"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are generally cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 113 new security fixes across the product families listed below.\n\nPlease note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\nPlease note that on April 18, 2014, Oracle released a [Security Alert for CVE-2014-0160 OpenSSL \"Heartbleed\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html>). This Critical Patch Update includes an update to MySQL Enterprise Server 5.6 and this update includes a fix for vulnerability CVE-2014-0160. Customers of other Oracle products are strongly advised to apply the [fixes ](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) that were announced in the Security Alert for CVE-2014-0160.\n", "modified": "2014-07-24T00:00:00", "published": "2014-07-15T00:00:00", "id": "ORACLE:CPUJUL2014-1972956", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2014", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2014-6495", "CVE-2014-6506", "CVE-2014-6500", "CVE-2014-2478", "CVE-2014-6564", "CVE-2014-6482", "CVE-2014-6536", "CVE-2014-6544", "CVE-2014-6558", "CVE-2014-6516", "CVE-2014-6560", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-4301", "CVE-2014-6463", "CVE-2014-6515", "CVE-2014-6460", "CVE-2014-6554", "CVE-2014-6539", "CVE-2014-4292", "CVE-2014-6487", "CVE-2014-6538", "CVE-2014-6493", "CVE-2014-4280", "CVE-2014-6488", "CVE-2014-4282", "CVE-2014-6519", "CVE-2014-2472", "CVE-2014-6466", "CVE-2014-6517", "CVE-2014-6471", "CVE-2014-6501", "CVE-2014-6504", "CVE-2014-6534", "CVE-2014-6455", "CVE-2014-6459", "CVE-2014-6502", "CVE-2014-7169", "CVE-2013-5605", "CVE-2014-6472", "CVE-2014-0224", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-4284", "CVE-2014-6484", "CVE-2014-6476", "CVE-2014-6479", "CVE-2014-6535", "CVE-2014-6507", "CVE-2014-6503", "CVE-2014-6490", "CVE-2014-6557", "CVE-2014-6542", "CVE-2014-6454", "CVE-2014-4295", "CVE-2014-4291", "CVE-2014-6469", "CVE-2014-4278", "CVE-2014-6537", "CVE-2014-6486", "CVE-2014-6496", "CVE-2013-1741", "CVE-2014-6555", "CVE-2014-2476", "CVE-2014-6529", "CVE-2014-6562", "CVE-2013-1740", "CVE-2014-4293", "CVE-2014-6511", "CVE-2014-3470", "CVE-2013-1739", "CVE-2014-6475", "CVE-2014-6485", "CVE-2014-6559", "CVE-2014-6470", "CVE-2014-4274", "CVE-2014-4294", "CVE-2014-6531", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-6456", "CVE-2014-6547", "CVE-2014-2880", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-4310", "CVE-2014-6543", "CVE-2014-6464", "CVE-2014-6468", "CVE-2014-4297", "CVE-2013-4322", "CVE-2014-0050", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-6533", "CVE-2014-4276", "CVE-2014-4277", "CVE-2014-4288", "CVE-2014-6550", "CVE-2014-0195", "CVE-2014-4296", "CVE-2014-0198", "CVE-2013-4590", "CVE-2014-4290", "CVE-2014-6478", "CVE-2014-6553", "CVE-2014-6483", "CVE-2014-6473", "CVE-2014-0096", "CVE-2014-2475", "CVE-2014-4300", "CVE-2014-0075", "CVE-2014-6546", "CVE-2014-6465", "CVE-2014-4299", "CVE-2014-6491", "CVE-2014-6508", "CVE-2014-4289", "CVE-2014-6453", "CVE-2014-2473", "CVE-2014-4285", "CVE-2014-6522", "CVE-2014-0033", "CVE-2012-5615", "CVE-2014-6467", "CVE-2014-6523", "CVE-2014-6452", "CVE-2014-0095", "CVE-2014-6513", "CVE-2014-6474", "CVE-2014-1491", "CVE-2014-6489", "CVE-2014-2474", "CVE-2014-6563", "CVE-2014-6545", "CVE-2014-4281", "CVE-2014-4275", "CVE-2014-4287", "CVE-2014-6477", "CVE-2014-6552", "CVE-2014-6540", "CVE-2014-6494", "CVE-2014-6461", "CVE-2014-4283", "CVE-2014-6527", "CVE-2014-6462", "CVE-2014-6561", "CVE-2014-4298", "CVE-2014-6499", "CVE-2014-6512", "CVE-2014-0221", "CVE-2014-6498", "CVE-2014-6497"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nOracle acknowledges Dana Taylor of netinfiltration.com for bringing to Oracle's attention a number of sites that were vulnerable to disclosure of sensitive information because Oracle CPU fixes were not applied to those sites for more than a year.\n\nThis Critical Patch Update contains 154 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that on September 26, 2014, Oracle released a [Security Alert for CVE-2014-7169 \"Bash\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html>) and other publicly disclosed vulnerabilities affecting GNU Bash. Customers of affected Oracle products are strongly advised to apply the fixes that were announced in the Security Alert for CVE-2014-7169.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "modified": "2014-11-21T00:00:00", "published": "2014-10-14T00:00:00", "id": "ORACLE:CPUOCT2014-1972960", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2014", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:59", "bulletinFamily": "software", "cvelist": ["CVE-2016-5606", "CVE-2016-5540", "CVE-2016-5630", "CVE-2016-5594", "CVE-2016-5575", "CVE-2016-5609", "CVE-2015-5351", "CVE-2016-8294", "CVE-2016-5565", "CVE-2016-5591", "CVE-2015-1792", "CVE-2016-5498", "CVE-2016-5624", "CVE-2016-5555", "CVE-2014-9296", "CVE-2015-0235", "CVE-2015-1793", "CVE-2016-1546", "CVE-2016-5560", "CVE-2016-5611", "CVE-2014-7809", "CVE-2016-3492", "CVE-2016-5612", "CVE-2015-3197", "CVE-2016-5602", "CVE-2016-5487", "CVE-2016-5505", "CVE-2016-5608", "CVE-2016-5625", "CVE-2016-6306", "CVE-2016-5619", "CVE-2016-5568", "CVE-2016-6663", "CVE-2015-1789", "CVE-2016-5527", "CVE-2016-2183", "CVE-2014-0227", "CVE-2016-5481", "CVE-2016-5518", "CVE-2016-8281", "CVE-2016-5631", "CVE-2015-0286", "CVE-2016-2178", "CVE-2016-8288", "CVE-2016-5635", "CVE-2016-5497", "CVE-2015-2568", "CVE-2016-5486", "CVE-2016-5628", "CVE-2015-3195", "CVE-2016-4979", "CVE-2016-5617", "CVE-2016-5621", "CVE-2016-3473", "CVE-2016-5521", "CVE-2016-5543", "CVE-2016-5585", "CVE-2016-5488", "CVE-2016-0714", "CVE-2014-3571", "CVE-2016-8292", "CVE-2016-5588", "CVE-2016-5559", "CVE-2016-5599", "CVE-2016-5539", "CVE-2016-5514", "CVE-2016-5479", "CVE-2016-6302", "CVE-2016-5504", "CVE-2016-6664", "CVE-2016-3551", "CVE-2016-5499", "CVE-2016-2177", "CVE-2016-5604", "CVE-2016-5574", "CVE-2014-9294", "CVE-2010-5312", "CVE-2014-0224", "CVE-2016-5616", "CVE-2016-8296", "CVE-2016-0635", "CVE-2016-2105", "CVE-2016-5557", "CVE-2016-5569", "CVE-2016-2107", "CVE-2016-5553", "CVE-2015-7501", "CVE-2016-5610", "CVE-2016-5577", "CVE-2015-3253", "CVE-2014-9295", "CVE-2016-6307", "CVE-2016-3562", "CVE-2016-1182", "CVE-2016-5566", "CVE-2016-5576", "CVE-2016-5582", "CVE-2016-0763", "CVE-2016-5493", "CVE-2016-5615", "CVE-2016-8285", "CVE-2016-6308", "CVE-2016-5633", "CVE-2016-2180", "CVE-2016-5534", "CVE-2016-5542", "CVE-2016-5513", "CVE-2016-5571", "CVE-2016-5567", "CVE-2016-5597", "CVE-2016-5525", "CVE-2016-8295", "CVE-2014-0099", "CVE-2016-5627", "CVE-2014-2532", "CVE-2016-5500", "CVE-2016-8287", "CVE-2016-2109", "CVE-2016-3505", "CVE-2016-2181", "CVE-2014-0119", "CVE-2016-6304", "CVE-2016-5482", "CVE-2016-5522", "CVE-2014-0114", "CVE-2016-5529", "CVE-2013-4322", "CVE-2016-5515", "CVE-2016-6662", "CVE-2014-0050", "CVE-2016-5595", "CVE-2013-2067", "CVE-2015-0500", "CVE-2016-5596", "CVE-2013-4286", "CVE-2016-1881", "CVE-2015-0382", "CVE-2099-1234", "CVE-2016-5587", "CVE-2016-5480", "CVE-2016-5600", "CVE-2016-5491", "CVE-2016-5586", "CVE-2016-5519", "CVE-2016-5605", "CVE-2015-1788", "CVE-2016-5632", "CVE-2016-5511", "CVE-2016-5578", "CVE-2016-5562", "CVE-2016-5489", "CVE-2016-7052", "CVE-2016-5490", "CVE-2016-5533", "CVE-2013-4590", "CVE-2016-5626", "CVE-2016-5583", "CVE-2016-5556", "CVE-2016-1950", "CVE-2016-5607", "CVE-2016-8291", "CVE-2016-0706", "CVE-2016-5492", "CVE-2012-1007", "CVE-2016-5570", "CVE-2016-5516", "CVE-2016-8283", "CVE-2016-5507", "CVE-2016-5537", "CVE-2016-5584", "CVE-2016-5598", "CVE-2015-0409", "CVE-2016-1181", "CVE-2013-2566", "CVE-2015-0423", "CVE-2014-0096", "CVE-2016-5508", "CVE-2016-2176", "CVE-2016-5524", "CVE-2015-1790", "CVE-2016-5510", "CVE-2014-0075", "CVE-2013-4444", "CVE-2016-6305", "CVE-2016-5530", "CVE-2016-5580", "CVE-2016-6303", "CVE-2016-5538", "CVE-2015-1351", "CVE-2016-5523", "CVE-2016-5613", "CVE-2016-5618", "CVE-2016-5601", "CVE-2016-2182", "CVE-2016-5554", "CVE-2016-5535", "CVE-2015-0433", "CVE-2016-8293", "CVE-2016-5589", "CVE-2016-5581", "CVE-2016-5531", "CVE-2016-5620", "CVE-2016-5495", "CVE-2016-5573", "CVE-2016-5564", "CVE-2016-5592", "CVE-2016-5532", "CVE-2015-7940", "CVE-2016-5526", "CVE-2016-5603", "CVE-2016-5517", "CVE-2016-5501", "CVE-2016-5502", "CVE-2016-5634", "CVE-2016-5512", "CVE-2016-5579", "CVE-2016-5561", "CVE-2016-8284", "CVE-2016-5593", "CVE-2016-8290", "CVE-2016-3081", "CVE-2016-2179", "CVE-2016-5503", "CVE-2016-2106", "CVE-2016-7440", "CVE-2016-5558", "CVE-2016-1000031", "CVE-2015-4852", "CVE-2014-9293", "CVE-2016-5536", "CVE-2015-1791", "CVE-2016-5563", "CVE-2016-8289", "CVE-2016-8286", "CVE-2016-6309", "CVE-2016-5572", "CVE-2016-5622", "CVE-2016-5629", "CVE-2016-5506", "CVE-2016-3495", "CVE-2016-5544", "CVE-2015-0411", "CVE-2015-0381"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2019-05-16T00:00:00", "published": "2016-10-18T00:00:00", "id": "ORACLE:CPUOCT2016-2881722", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:59", "bulletinFamily": "software", "cvelist": ["CVE-2010-5312", "CVE-2012-1007", "CVE-2013-2067", "CVE-2013-2566", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4444", "CVE-2013-4590", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0114", "CVE-2014-0119", "CVE-2014-0224", "CVE-2014-0227", "CVE-2014-2532", "CVE-2014-3571", "CVE-2014-7809", "CVE-2014-9293", "CVE-2014-9294", "CVE-2014-9295", "CVE-2014-9296", "CVE-2015-0235", "CVE-2015-0286", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0409", "CVE-2015-0411", "CVE-2015-0423", "CVE-2015-0433", "CVE-2015-0500", "CVE-2015-1351", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2568", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3253", "CVE-2015-4852", "CVE-2015-5351", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1546", "CVE-2016-1881", "CVE-2016-1950", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3081", "CVE-2016-3473", "CVE-2016-3492", "CVE-2016-3495", "CVE-2016-3505", "CVE-2016-3551", "CVE-2016-3562", "CVE-2016-4979", "CVE-2016-5479", "CVE-2016-5480", "CVE-2016-5481", "CVE-2016-5482", "CVE-2016-5486", "CVE-2016-5487", "CVE-2016-5488", "CVE-2016-5489", "CVE-2016-5490", "CVE-2016-5491", "CVE-2016-5492", "CVE-2016-5493", "CVE-2016-5495", "CVE-2016-5497", "CVE-2016-5498", "CVE-2016-5499", "CVE-2016-5500", "CVE-2016-5501", "CVE-2016-5502", "CVE-2016-5503", "CVE-2016-5504", "CVE-2016-5505", "CVE-2016-5506", "CVE-2016-5507", "CVE-2016-5508", "CVE-2016-5510", "CVE-2016-5511", "CVE-2016-5512", "CVE-2016-5513", "CVE-2016-5514", "CVE-2016-5515", "CVE-2016-5516", "CVE-2016-5517", "CVE-2016-5518", "CVE-2016-5519", "CVE-2016-5521", "CVE-2016-5522", "CVE-2016-5523", "CVE-2016-5524", "CVE-2016-5525", "CVE-2016-5526", "CVE-2016-5527", "CVE-2016-5529", "CVE-2016-5530", "CVE-2016-5531", "CVE-2016-5532", "CVE-2016-5533", "CVE-2016-5534", "CVE-2016-5535", "CVE-2016-5536", "CVE-2016-5537", "CVE-2016-5538", "CVE-2016-5539", "CVE-2016-5540", "CVE-2016-5542", "CVE-2016-5543", "CVE-2016-5544", "CVE-2016-5553", "CVE-2016-5554", "CVE-2016-5555", "CVE-2016-5556", "CVE-2016-5557", "CVE-2016-5558", "CVE-2016-5559", "CVE-2016-5560", "CVE-2016-5561", "CVE-2016-5562", "CVE-2016-5563", "CVE-2016-5564", "CVE-2016-5565", "CVE-2016-5566", "CVE-2016-5567", "CVE-2016-5568", "CVE-2016-5569", "CVE-2016-5570", "CVE-2016-5571", "CVE-2016-5572", "CVE-2016-5573", "CVE-2016-5574", "CVE-2016-5575", "CVE-2016-5576", "CVE-2016-5577", "CVE-2016-5578", "CVE-2016-5579", "CVE-2016-5580", "CVE-2016-5581", "CVE-2016-5582", "CVE-2016-5583", "CVE-2016-5584", "CVE-2016-5585", "CVE-2016-5586", "CVE-2016-5587", "CVE-2016-5588", "CVE-2016-5589", "CVE-2016-5591", "CVE-2016-5592", "CVE-2016-5593", "CVE-2016-5594", "CVE-2016-5595", "CVE-2016-5596", "CVE-2016-5597", "CVE-2016-5598", "CVE-2016-5599", "CVE-2016-5600", "CVE-2016-5601", "CVE-2016-5602", "CVE-2016-5603", "CVE-2016-5604", "CVE-2016-5605", "CVE-2016-5606", "CVE-2016-5607", "CVE-2016-5608", "CVE-2016-5609", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5612", "CVE-2016-5613", "CVE-2016-5615", "CVE-2016-5616", "CVE-2016-5617", "CVE-2016-5618", "CVE-2016-5619", "CVE-2016-5620", "CVE-2016-5621", "CVE-2016-5622", "CVE-2016-5624", "CVE-2016-5625", "CVE-2016-5626", "CVE-2016-5627", "CVE-2016-5628", "CVE-2016-5629", "CVE-2016-5630", "CVE-2016-5631", "CVE-2016-5632", "CVE-2016-5633", "CVE-2016-5634", "CVE-2016-5635", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6662", "CVE-2016-6663", "CVE-2016-6664", "CVE-2016-7052", "CVE-2016-7440", "CVE-2016-8281", "CVE-2016-8283", "CVE-2016-8284", "CVE-2016-8285", "CVE-2016-8286", "CVE-2016-8287", "CVE-2016-8288", "CVE-2016-8289", "CVE-2016-8290", "CVE-2016-8291", "CVE-2016-8292", "CVE-2016-8293", "CVE-2016-8294", "CVE-2016-8295", "CVE-2016-8296", "CVE-2099-1234"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 253 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2019-05-16T00:00:00", "published": "2016-10-18T00:00:00", "id": "ORACLE:CPUOCT2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
