Search...

F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)

2014-10-10T00:00:00

ID F5_BIGIP_SOL9110.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2014-10-10T00:00:00

Description

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files through a .. (dot dot) in a request parameter.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL9110.
#
# The text description of this plugin is (C) F5 Networks.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78226);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2008-2370");
  script_bugtraq_id(30494);

  script_name(english:"F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0
through 6.0.16, when a RequestDispatcher is used, performs path
normalization before removing the query string from the URI, which
allows remote attackers to conduct directory traversal attacks and
read arbitrary files through a .. (dot dot) in a request parameter."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K9110"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL9110."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "SOL9110";
vmatrix = make_array();

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("9.3.0-9.3.1","9.4.0-9.4.8","10.0.0-10.0.1");
vmatrix["ASM"]["unaffected"] = make_list("10.1","10.2","11");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("9.3.0-9.3.1","9.4.0-9.4.8","10.0.0-10.0.1");
vmatrix["GTM"]["unaffected"] = make_list("10.1","10.2","11");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("9.3.0-9.3.1","9.4.0-9.4.8","10.0.0-10.0.1");
vmatrix["LC"]["unaffected"] = make_list("10.1","10.2","11");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("9.3.0-9.3.1","9.4.0-9.4.8","9.6.0-9.6.1","10.0.0-10.0.1");
vmatrix["LTM"]["unaffected"] = make_list("10.1","10.2","11");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected"  ] = make_list("9.4.5-9.4.8","10.0.0-10.0.1");
vmatrix["PSM"]["unaffected"] = make_list("10.1","10.2","11");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected"  ] = make_list("9.4.0-9.4.8","10.0.0-10.0.1");
vmatrix["WAM"]["unaffected"] = make_list("10.1","10.2","11");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected"  ] = make_list("10.0.0-10.0.1");
vmatrix["WOM"]["unaffected"] = make_list("10.1","10.2","11");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}

JSON Vulners Source

Initial Source

{"id": "F5_BIGIP_SOL9110.NASL", "bulletinFamily": "scanner", "title": "F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)", "description": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0\nthrough 6.0.16, when a RequestDispatcher is used, performs path\nnormalization before removing the query string from the URI, which\nallows remote attackers to conduct directory traversal attacks and\nread arbitrary files through a .. (dot dot) in a request parameter.", "published": "2014-10-10T00:00:00", "modified": "2014-10-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/78226", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.f5.com/csp/article/K9110"], "cvelist": ["CVE-2008-2370"], "type": "nessus", "lastseen": "2021-01-12T10:05:35", "edition": 27, "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2370"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9193", "SECURITYVULNS:DOC:23524", "SECURITYVULNS:DOC:20275"]}, {"type": "f5", "idList": ["F5:K9110", "F5:K67352212", "SOL9110"]}, {"type": "exploitdb", "idList": ["EDB-ID:32137"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870028", "OPENVAS:1361412562310830681", "OPENVAS:1361412562310835190", "OPENVAS:1361412562310900021", "OPENVAS:835190", "OPENVAS:860209", "OPENVAS:860391", "OPENVAS:830681", "OPENVAS:870028", "OPENVAS:1361412562310122558"]}, {"type": "redhat", "idList": ["RHSA-2008:0862", "RHSA-2008:1007", "RHSA-2008:0648", "RHSA-2008:0877", "RHSA-2008:0864"]}, {"type": "nessus", "idList": ["FEDORA_2008-7977.NASL", "CENTOS_RHSA-2008-0648.NASL", "TOMCAT_4_1_39.NASL", "REDHAT-RHSA-2008-0648.NASL", "REDHAT-RHSA-2008-0877.NASL", "VMWARE_VMSA-2009-0002.NASL", "TOMCAT_6_0_18.NASL", "SL_20080827_TOMCAT_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2008-0648.NASL", "FEDORA_2008-8113.NASL"]}, {"type": "vmware", "idList": ["VMSA-2009-0002", "VMSA-2009-0016"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0648"]}, {"type": "centos", "idList": ["CESA-2008:0648"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-10445", "ATLASSIAN:CONFSERVER-10445"]}, {"type": "fedora", "idList": ["FEDORA:EC5A9208DCA", "FEDORA:A50D42E031E", "FEDORA:62EF6208DAC"]}], "modified": "2021-01-12T10:05:35", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-01-12T10:05:35", "rev": 2}, "vulnersScore": 5.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL9110.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78226);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2370\");\n script_bugtraq_id(30494);\n\n script_name(english:\"F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0\nthrough 6.0.16, when a RequestDispatcher is used, performs path\nnormalization before removing the query string from the URI, which\nallows remote attackers to conduct directory traversal attacks and\nread arbitrary files through a .. (dot dot) in a request parameter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K9110\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL9110.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL9110\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"9.6.0-9.6.1\",\"10.0.0-10.0.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8\",\"10.0.0-10.0.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0-9.4.8\",\"10.0.0-10.0.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.0.0-10.0.1\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.1\",\"10.2\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "naslFamily": "F5 Networks Local Security Checks", "pluginID": "78226", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_webaccelerator"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:50:59", "description": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "edition": 5, "cvss3": {}, "published": "2008-08-04T01:41:00", "title": "CVE-2008-2370", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2370"], "modified": "2019-03-25T11:30:00", "cpe": ["cpe:/a:apache:tomcat:4.1.36", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:4.1.13", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:4.1.18", "cpe:/a:apache:tomcat:4.1.9", "cpe:/a:apache:tomcat:4.1.34", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:4.1.1", "cpe:/a:apache:tomcat:4.1.35", "cpe:/a:apache:tomcat:4.1.20", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:4.1.27", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:4.1.28", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:4.1.0", "cpe:/a:apache:tomcat:4.1.29", "cpe:/a:apache:tomcat:4.1.22", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:4.1.32", "cpe:/a:apache:tomcat:4.1.30", "cpe:/a:apache:tomcat:4.1.33", "cpe:/a:apache:tomcat:4.1.2", "cpe:/a:apache:tomcat:4.1.15", "cpe:/a:apache:tomcat:4.1.7", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:4.1.26", "cpe:/a:apache:tomcat:4.1.25", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:4.1.16", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:4.1.3", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:4.1.5", "cpe:/a:apache:tomcat:4.1.17", "cpe:/a:apache:tomcat:4.1.19", "cpe:/a:apache:tomcat:4.1.23", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:4.1.11", "cpe:/a:apache:tomcat:4.1.6", "cpe:/a:apache:tomcat:4.1.14", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:4.1.10", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:4.1.37", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:4.1.8", "cpe:/a:apache:tomcat:4.1.4", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:4.1.31", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:4.1.12", "cpe:/a:apache:tomcat:4.1.21", "cpe:/a:apache:tomcat:4.1.24", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2008-2370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2370", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "cvelist": ["CVE-2008-2370"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Important\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 4.1.0 to 4.1.37\r\nTomcat 5.5.0 to 5.5.26\r\nTomcat 6.0.0 to 6.0.16\r\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\r\n\r\nDescription:\r\nWhen using a RequestDispatcher the target path was normalised before the\r\nquery string was removed. A request that included a specially crafted\r\nrequest parameter could be used to access content that would otherwise be\r\nprotected by a security constraint or by locating it in under the WEB-INF\r\ndirectory.\r\n\r\nMitigation:\r\n6.0.x users should upgrade to 6.0.18\r\n5.5.x users should obtain the latest source from svn or apply this patch\r\nwhich will be included from 5.5.27\r\nhttp://svn.apache.org/viewvc?rev=680949&view=rev\r\n4.1.x users should obtain the latest source from svn or apply this patch\r\nwhich will be included from 4.1.38\r\nhttp://svn.apache.org/viewvc?rev=680950&view=rev\r\n\r\nExample:\r\nFor a page that contains:\r\n<%\r\npageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah"));\r\n%>\r\nan attacker can use:\r\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\r\n\r\nCredit:\r\nThis issue was discovered by ?Stefano Di Paola of Minded Security Research\r\nLabs.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niEYEARECAAYFAkiTGGkACgkQb7IeiTPGAkNeQACdHk1KQ98Dx45Sc+Hslw/YIBH7\r\n8b4An1WZ30LS34Pxx4Rc+VzqhswLLbZd\r\n=Zbvc\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-08-01T00:00:00", "published": "2008-08-01T00:00:00", "id": "SECURITYVULNS:DOC:20275", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20275", "title": "[CVE-2008-2370] Apache Tomcat information disclosure vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2008-2370"], "description": "CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability\r\n\r\nSeverity: Important\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nApache CouchDB 0.8.0 to 0.10.1\r\n\r\nDescription:\r\nApache CouchDB versions prior to version 0.11.0 are vulnerable to\r\ntiming attacks, also known as side-channel information leakage,\r\ndue to using simple break-on-inequality string comparisons when\r\nverifying hashes and passwords.\r\n\r\nMitigation:\r\nAll users should upgrade to CouchDB 0.11.0. Upgrades from the 0.10.x\r\nseries should be seamless. Users on earlier versions should consult\r\n\r\n http://wiki.apache.org/couchdb/Breaking_changes\r\n\r\nExample:\r\nA canonical description of the attack can be found in\r\n\r\n http://codahale.com/a-lesson-in-timing-attacks/\r\n\r\nCredit:\r\nThis issue was discovered by Jason Davies of the Apache CouchDB \r\ndevelopment team.\r\n\r\nReferences:\r\nhttp://couchdb.apache.org/\r\nhttp://couchdb.apache.org/downloads.html\r\nhttp://wiki.apache.org/couchdb/Breaking_changes\r\nhttp://codahale.com/a-lesson-in-timing-attacks/\r\n\r\nJan Lehnardt\r\n--", "edition": 1, "modified": "2010-04-05T00:00:00", "published": "2010-04-05T00:00:00", "id": "SECURITYVULNS:DOC:23524", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23524", "title": "[SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Crossite scripting, information leak.", "edition": 1, "modified": "2009-01-28T00:00:00", "published": "2009-01-28T00:00:00", "id": "SECURITYVULNS:VULN:9193", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9193", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "f5": [{"lastseen": "2020-04-06T22:39:57", "bulletinFamily": "software", "cvelist": ["CVE-2008-2370"], "description": "", "edition": 1, "modified": "2019-05-08T22:57:00", "published": "2013-03-26T02:52:00", "id": "F5:K9110", "href": "https://support.f5.com/csp/article/K9110", "title": "Apache Tomcat information disclosure vulnerability - CVE-2008-2370", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T17:23:05", "bulletinFamily": "software", "cvelist": ["CVE-2008-2370"], "edition": 1, "description": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files through a .. (dot dot) in a request parameter.\n\n**Note**: This issue is considered to be a local vulnerability with low risk, as execution would require the user to already be logged in to the Configuration utility for the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, and Enterprise Manager products.\n\nInformation about this advisory is available at the following location:\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370>\n\nF5 Product Development tracked this issue as CR104935 and it was fixed in BIG-IP 10.1.0 and Enterprise Manager 2.0.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, SAM, Link Controller, WebAccelerator, or Enterprise Manager release notes.\n\nF5 Product Development tracked this issue as ID 31455 for ARX and it was fixed in ARX 5.2.0. For information about upgrading, refer to the ARX release notes.\n", "modified": "2013-03-25T00:00:00", "published": "2008-09-01T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9110.html", "id": "SOL9110", "title": "SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-04-06T22:40:44", "bulletinFamily": "software", "cvelist": ["CVE-2018-1324", "CVE-2018-1294", "CVE-2018-1286", "CVE-2018-1316", "CVE-2008-2370", "CVE-2018-1319"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-09-04T18:01:00", "published": "2018-09-04T18:01:00", "id": "F5:K67352212", "href": "https://support.f5.com/csp/article/K67352212", "title": "Apache vulnerabilities CVE-2018-1286, CVE-2018-1294, CVE-2018-1316, CVE-2018-1319, and CVE-2018-1324", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T16:15:59", "description": "Apache Tomcat 6.0.16 'RequestDispatcher' Information Disclosure Vulnerability. CVE-2008-2370. Remote exploits for multiple platform", "published": "2008-08-01T00:00:00", "type": "exploitdb", "title": "Apache Tomcat <= 6.0.16 - 'RequestDispatcher' Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2370"], "modified": "2008-08-01T00:00:00", "id": "EDB-ID:32137", "href": "https://www.exploit-db.com/exploits/32137/", "sourceData": "source: http://www.securityfocus.com/bid/30494/info\r\n\r\nApache Tomcat is prone to a remote information-disclosure vulnerability.\r\n\r\nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks.\r\n\r\nThe following versions are affected:\r\n\r\nTomcat 4.1.0 through 4.1.37\r\nTomcat 5.5.0 through 5.5.26\r\nTomcat 6.0.0 through 6.0.16\r\n\r\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\n\r\nhttp://www.example.com/page.jsp?blah=/../WEB-INF/web.xml ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/32137/"}], "openvas": [{"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2370", "CVE-2008-1232"], "description": "This host is running Apache Tomcat web server, which is prone to\n cross site scripting and security bypass vulnerabilities.", "modified": "2019-05-10T00:00:00", "published": "2008-08-07T00:00:00", "id": "OPENVAS:1361412562310900021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900021", "type": "openvas", "title": "Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# Description: Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900021\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-08-07 17:25:16 +0200 (Thu, 07 Aug 2008)\");\n script_bugtraq_id(30494, 30496);\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-2370\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_name(\"Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31379/\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31381/\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat web server, which is prone to\n cross site scripting and security bypass vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - input validation error in the method HttpServletResponse.sendError() which\n fails to properly sanitise before being returned to the user in the HTTP Reason-Phrase.\n\n - the application fails to normalize the target path before removing\n the query string when using a RequestDispatcher.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26, and 6.0.0 - 6.0.16.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to a later version of 4.x, 5.x, or 6.x series.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could cause execution of arbitrary\n HTML code, script code, and information disclosure.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(appPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:appPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^4\\.1\")\n{\n if(version_in_range(version:appVer, test_version:\"4.1.0\", test_version2:\"4.1.37\"))\n {\n fix = \"4.1.38\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^5\\.5\")\n{\n if(version_in_range(version:appVer, test_version:\"5.5.0\", test_version2:\"5.5.26\"))\n {\n fix = \"5.5.27\";\n VULN = TRUE;\n }\n}\n\nif(appVer =~ \"^6\\.0\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.16\"))\n {\n fix = \"6.0.17\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-25T10:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat6", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860391", "href": "http://plugins.openvas.org/nasl.php?oid=860391", "type": "openvas", "title": "Fedora Update for tomcat6 FEDORA-2008-7977", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat6 FEDORA-2008-7977\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License version 2.0. Tomcat is intended\n to be a collaboration of the best-of-breed developers from around the world.\";\n\ntag_affected = \"tomcat6 on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\");\n script_id(860391);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-7977\");\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"Fedora Update for tomcat6 FEDORA-2008-7977\");\n\n script_summary(\"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.18~1.1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-03-14T19:00:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Oracle Linux Local Security Checks ELSA-2008-0648", "modified": "2020-03-13T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122558", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0648", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122558\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:58 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0648\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0648 - tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0648\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0648.html\");\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat5", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860209", "href": "http://plugins.openvas.org/nasl.php?oid=860209", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-8113", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-8113\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\");\n script_id(860209);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:05:11 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-8113\");\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-8113\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0jpp.2.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-27T10:56:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870028", "href": "http://plugins.openvas.org/nasl.php?oid=870028", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0648-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat RHSA-2008:0648-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A cross-site scripting vulnerability was discovered in the\n HttpServletResponse.sendError() method. A remote attacker could inject\n arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\n An additional cross-site scripting vulnerability was discovered in the host\n manager application. A remote attacker could inject arbitrary web script or\n HTML via the hostname parameter. (CVE-2008-1947)\n\n A traversal vulnerability was discovered when using a RequestDispatcher\n in combination with a servlet or JSP. A remote attacker could utilize a\n specially-crafted request parameter to access protected web resources.\n (CVE-2008-2370)\n\n An additional traversal vulnerability was discovered when the\n "allowLinking" and "URIencoding" settings were activated. A remote attacker\n could use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process. (CVE-2008-2938)\n\n Users of tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"tomcat on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00020.html\");\n script_id(870028);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0648-01\");\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"RedHat Update for tomcat RHSA-2008:0648-01\");\n\n script_summary(\"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:40:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870028", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0648-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat RHSA-2008:0648-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A cross-site scripting vulnerability was discovered in the\n HttpServletResponse.sendError() method. A remote attacker could inject\n arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\n An additional cross-site scripting vulnerability was discovered in the host\n manager application. A remote attacker could inject arbitrary web script or\n HTML via the hostname parameter. (CVE-2008-1947)\n\n A traversal vulnerability was discovered when using a RequestDispatcher\n in combination with a servlet or JSP. A remote attacker could utilize a\n specially-crafted request parameter to access protected web resources.\n (CVE-2008-2370)\n\n An additional traversal vulnerability was discovered when the\n "allowLinking" and "URIencoding" settings were activated. A remote attacker\n could use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process. (CVE-2008-2938)\n\n Users of tomcat should upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\n\ntag_affected = \"tomcat on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00020.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870028\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2008:0648-01\");\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"RedHat Update for tomcat RHSA-2008:0648-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.7.el5_2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat5", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830681", "href": "http://plugins.openvas.org/nasl.php?oid=830681", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Apache\n Tomcat server:\n\n The default catalina.policy in the JULI logging component did not\n restrict certain permissions for web applications which could allow a\n remote attacker to modify logging configuration options and overwrite\n arbitrary files (CVE-2007-5342).\n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232).\n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947).\n \n A traversal vulnerability was found when using a RequestDispatcher in\n combination with a servlet or JSP that could allow a remote attacker\n to utilize a specially-crafted request parameter to access protected\n web resources (CVE-2008-2370).\n \n A traversal vulnerability was found when the 'allowLinking' and\n 'URIencoding' settings were activated which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00005.php\");\n script_id(830681);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:188\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "Check for the Version of tomcat5", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830681", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities have been discovered in the Apache\n Tomcat server:\n\n The default catalina.policy in the JULI logging component did not\n restrict certain permissions for web applications which could allow a\n remote attacker to modify logging configuration options and overwrite\n arbitrary files (CVE-2007-5342).\n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232).\n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947).\n \n A traversal vulnerability was found when using a RequestDispatcher in\n combination with a servlet or JSP that could allow a remote attacker\n to utilize a specially-crafted request parameter to access protected\n web resources (CVE-2008-2370).\n \n A traversal vulnerability was found when the 'allowLinking' and\n 'URIencoding' settings were activated which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-09/msg00005.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830681\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:188\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_name( \"Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1.2.1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2939", "CVE-2008-2364", "CVE-2008-3658", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232", "CVE-2007-6420"], "description": "Check for the Version of Apache Web Server Suite", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835190", "href": "http://plugins.openvas.org/nasl.php?oid=835190", "type": "openvas", "title": "HP-UX Update for Apache Web Server Suite HPSBUX02401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Web Server Suite HPSBUX02401\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\n cross-site scripting (XSS)\n execution of arbitrary code\n cross-site request forgery (CSRF)\";\ntag_affected = \"Apache Web Server Suite on\n HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or \n v2.0.59.07.02 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or \n earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.07.02 or \n earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities \n could be exploited remotely to cause a Denial of Service (DoS), cross-site \n scripting (XSS), execution of arbitrary code, or cross-site request forgery \n (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are \n contained in the Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01650939-4\");\n script_id(835190);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02401\");\n script_cve_id(\"CVE-2007-6420\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2364\", \"CVE-2008-2370\", \"CVE-2008-2938\", \"CVE-2008-2939\", \"CVE-2008-3658\");\n script_name( \"HP-UX Update for Apache Web Server Suite HPSBUX02401\");\n\n script_summary(\"Check for the Version of Apache Web Server Suite\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE2\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE2\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2939", "CVE-2008-2364", "CVE-2008-3658", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232", "CVE-2007-6420"], "description": "Check for the Version of Apache Web Server Suite", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835190", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835190", "type": "openvas", "title": "HP-UX Update for Apache Web Server Suite HPSBUX02401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Web Server Suite HPSBUX02401\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\n cross-site scripting (XSS)\n execution of arbitrary code\n cross-site request forgery (CSRF)\";\ntag_affected = \"Apache Web Server Suite on\n HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or \n v2.0.59.07.02 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or \n earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.07.02 or \n earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running \n Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities \n could be exploited remotely to cause a Denial of Service (DoS), cross-site \n scripting (XSS), execution of arbitrary code, or cross-site request forgery \n (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are \n contained in the Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01650939-4\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835190\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02401\");\n script_cve_id(\"CVE-2007-6420\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2364\", \"CVE-2008-2370\", \"CVE-2008-2938\", \"CVE-2008-2939\", \"CVE-2008-3658\");\n script_name( \"HP-UX Update for Apache Web Server Suite HPSBUX02401\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache Web Server Suite\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE2\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE2\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.2.2.8.01.02\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"B.2.0.59.07.03\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-12-11T13:32:56", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-2370", "CVE-2008-2938"], "description": "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft\u00ae .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.", "modified": "2016-04-04T18:31:14", "published": "2008-09-22T04:00:00", "id": "RHSA-2008:0877", "href": "https://access.redhat.com/errata/RHSA-2008:0877", "type": "redhat", "title": "(RHSA-2008:0877) Important: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2017-09-08T12:11:04", "published": "2008-08-27T04:00:00", "id": "RHSA-2008:0648", "href": "https://access.redhat.com/errata/RHSA-2008:0648", "type": "redhat", "title": "(RHSA-2008:0648) Important: tomcat security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2019-03-22T23:44:18", "published": "2008-10-02T04:00:00", "id": "RHSA-2008:0864", "href": "https://access.redhat.com/errata/RHSA-2008:0864", "type": "redhat", "title": "(RHSA-2008:0864) Important: tomcat security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938", "CVE-2008-3271"], "description": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", "modified": "2019-03-22T23:44:40", "published": "2008-12-08T05:00:00", "id": "RHSA-2008:1007", "href": "https://access.redhat.com/errata/RHSA-2008:1007", "type": "redhat", "title": "(RHSA-2008:1007) Low: tomcat security update for Red Hat Network Satellite Server", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:12", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5342", "CVE-2007-5461", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "modified": "2019-03-22T23:44:27", "published": "2008-10-02T04:00:00", "id": "RHSA-2008:0862", "href": "https://access.redhat.com/errata/RHSA-2008:0862", "type": "redhat", "title": "(RHSA-2008:0862) Important: tomcat security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2020-09-14T19:09:27", "description": "According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.39. It is,\ntherefore, affected by one or more of the following vulnerabilities :\n\n - If the remote Apache Tomcat install is configured to use\n the SingleSignOn Valve, the JSESSIONIDSSO cookie does\n not have the 'secure' attribute set if authentication\n takes place over HTTPS. This allows the JSESSIONIDSSO\n cookie to be sent to the same server when HTTP content\n is requested. (CVE-2008-0128)\n\n - The remote Apache Tomcat install is vulnerable to a\n cross-site scripting attack. Improper input validation\n allows a remote attacker to inject arbitrary script\n code or HTML into the message argument used by the\n HttpServletResponse.sendError method. (CVE-2008-1232)\n\n - If the remote Apache Tomcat install contains pages\n using the RequestDispatcher object, a directory\n traversal attack may be possible. This allows an\n attacker to select one or more of the input parameters\n and provide specific values leading to access of\n potentially sensitive files. (CVE-2008-2370)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 19, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2010-06-11T00:00:00", "title": "Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2370", "CVE-2008-0128", "CVE-2008-1232"], "modified": "2010-06-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_4_1_39.NASL", "href": "https://www.tenable.com/plugins/nessus/46867", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46867);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2008-0128\", \"CVE-2008-1232\", \"CVE-2008-2370\");\n script_bugtraq_id(27365, 30496, 30494);\n script_xref(name:\"Secunia\", value:\"28552\");\n script_xref(name:\"Secunia\", value:\"31379\");\n\n script_name(english:\"Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.39. It is,\ntherefore, affected by one or more of the following vulnerabilities :\n\n - If the remote Apache Tomcat install is configured to use\n the SingleSignOn Valve, the JSESSIONIDSSO cookie does\n not have the 'secure' attribute set if authentication\n takes place over HTTPS. This allows the JSESSIONIDSSO\n cookie to be sent to the same server when HTTP content\n is requested. (CVE-2008-0128)\n\n - The remote Apache Tomcat install is vulnerable to a\n cross-site scripting attack. Improper input validation\n allows a remote attacker to inject arbitrary script\n code or HTML into the message argument used by the\n HttpServletResponse.sendError method. (CVE-2008-1232)\n\n - If the remote Apache Tomcat install contains pages\n using the RequestDispatcher object, a directory\n traversal attack may be possible. This allows an\n attacker to select one or more of the input parameters\n and provide specific values leading to access of\n potentially sensitive files. (CVE-2008-2370)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.39\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.39 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-0128\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(16, 22, 79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"4.1.39\", min:\"4.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^4(\\.1)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T19:09:28", "description": "According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is prior to 6.0.18. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat installation is affected by a\n cross-site scripting vulnerability in the\n HttpServletResponse.sendError method due to improper\n validation of user-supplied input to the 'message'\n argument. An attacker can exploit this to execute\n arbitrary script code in a user's browser session.\n (CVE-2008-1232)\n\n - A cross-site scripting vulnerability exists in the host\n manager application due to improper validation of\n user-supplied input to the 'hostname' parameter. An\n attacker can exploit this to execute arbitrary script\n code in a user's browser session. (CVE-2008-1947)\n\n - A traversal vulnerability exists when using a\n RequestDispatcher in combination with a servlet or JSP\n that allows a remote attacker to utilize a specially\n crafted request parameter to access protected web\n resources. (CVE-2008-2370)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2010-07-01T00:00:00", "title": "Apache Tomcat < 6.0.18 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_18.NASL", "href": "https://www.tenable.com/plugins/nessus/47578", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47578);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\");\n script_bugtraq_id(30494, 30496);\n script_xref(name:\"Secunia\", value:\"30500\");\n script_xref(name:\"Secunia\", value:\"31379\");\n\n script_name(english:\"Apache Tomcat < 6.0.18 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is prior to 6.0.18. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - The remote Apache Tomcat installation is affected by a\n cross-site scripting vulnerability in the\n HttpServletResponse.sendError method due to improper\n validation of user-supplied input to the 'message'\n argument. An attacker can exploit this to execute\n arbitrary script code in a user's browser session.\n (CVE-2008-1232)\n\n - A cross-site scripting vulnerability exists in the host\n manager application due to improper validation of\n user-supplied input to the 'hostname' parameter. An\n attacker can exploit this to execute arbitrary script\n code in a user's browser session. (CVE-2008-1947)\n\n - A traversal vulnerability exists when using a\n RequestDispatcher in combination with a servlet or JSP\n that allows a remote attacker to utilize a specially\n crafted request parameter to access protected web\n resources. (CVE-2008-2370)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.18\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 6.0.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-1232\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.18\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T15:19:58", "description": "a. Update for VirtualCenter and ESX patch update Apache Tomcat version\n to 5.5.27\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 5.5.27 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-1232, CVE-2008-1947 and\n CVE-2008-2370 to these issues.", "edition": 25, "published": "2009-10-19T00:00:00", "title": "VMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2009-10-19T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.5"], "id": "VMWARE_VMSA-2009-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/42178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2009-0002. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42178);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\");\n script_bugtraq_id(29502, 30494, 30496);\n script_xref(name:\"VMSA\", value:\"2009-0002\");\n\n script_name(english:\"VMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. Update for VirtualCenter and ESX patch update Apache Tomcat version\n to 5.5.27\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 5.5.27 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-1232, CVE-2008-1947 and\n CVE-2008-2370 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2009/000072.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2009-02-23\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200910403-SG\",\n patch_updates : make_list(\"ESX350-201003403-SG\", \"ESX350-201203401-SG\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:06:16", "description": "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2\nand 4.3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nJBoss Web Server (jbossweb) is an enterprise ready web server designed\nfor medium and large applications, is based on Apache Tomcat, and is\nembedded into JBoss Application Server. It provides organizations with\na single deployment platform for JavaServer Pages (JSP) and Java\nServlet technologies, Microsoft(r) .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the jbossweb process.\n(CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which\ncontains backported patches to resolve these issues.", "edition": 31, "published": "2013-01-24T00:00:00", "title": "RHEL 4 / 5 : jbossweb (RHSA-2008:0877)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:jbossweb"], "id": "REDHAT-RHSA-2008-0877.NASL", "href": "https://www.tenable.com/plugins/nessus/63868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0877. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63868);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(30494, 30633);\n script_xref(name:\"RHSA\", value:\"2008:0877\");\n\n script_name(english:\"RHEL 4 / 5 : jbossweb (RHSA-2008:0877)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2\nand 4.3.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nJBoss Web Server (jbossweb) is an enterprise ready web server designed\nfor medium and large applications, is based on Apache Tomcat, and is\nembedded into JBoss Application Server. It provides organizations with\na single deployment platform for JavaServer Pages (JSP) and Java\nServlet technologies, Microsoft(r) .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the jbossweb process.\n(CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which\ncontains backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0877\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0877\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:06:40", "description": "This release fixes several security-related issues. In addition, this\nrelease fixes several user-reported problems related to the startup\nscripts and file layout.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2008-09-12T00:00:00", "title": "Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2008-09-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat6", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-7977.NASL", "href": "https://www.tenable.com/plugins/nessus/34185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7977.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34185);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"FEDORA\", value:\"2008-7977\");\n\n script_name(english:\"Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes several security-related issues. In addition, this\nrelease fixes several user-reported problems related to the startup\nscripts and file layout.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=446393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457934\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1b6d4c0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"tomcat6-6.0.18-1.1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:06:40", "description": " - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.2\n\n - add commons-io symlink\n\n - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.1\n\n - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934\n Resolves: rhbz#446393 Resolves: rhbz#457597\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2008-09-17T00:00:00", "title": "Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2008-09-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat5", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-8113.NASL", "href": "https://www.tenable.com/plugins/nessus/34226", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-8113.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34226);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"FEDORA\", value:\"2008-8113\");\n\n script_name(english:\"Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.2\n\n - add commons-io symlink\n\n - Mon Sep 15 2008 David Walluck <dwalluck at redhat.com>\n 0:5.5.27-0jpp.1\n\n - 5.5.27 Resolves: rhbz#456120 Resolves: rhbz#457934\n Resolves: rhbz#446393 Resolves: rhbz#457597\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=446393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=456120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457934\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-September/014390.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?776be90a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"tomcat5-5.5.27-0jpp.2.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:06:15", "description": "Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 31, "published": "2008-08-28T00:00:00", "title": "RHEL 5 : tomcat (RHSA-2008:0648)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2008-08-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api"], "id": "REDHAT-RHSA-2008-0648.NASL", "href": "https://www.tenable.com/plugins/nessus/34057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0648. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34057);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"RHSA\", value:\"2008:0648\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2008:0648)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0648\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0648\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:44:13", "description": "From Red Hat Security Advisory 2008:0648 :\n\nUpdated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 29, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : tomcat (ELSA-2008-0648)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api"], "id": "ORACLELINUX_ELSA-2008-0648.NASL", "href": "https://www.tenable.com/plugins/nessus/67733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0648 and \n# Oracle Linux Security Advisory ELSA-2008-0648 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67733);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"RHSA\", value:\"2008:0648\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2008-0648)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0648 :\n\nUpdated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000720.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:25:23", "description": "Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.", "edition": 31, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : tomcat5 (CESA-2008:0648)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-webapps", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-common-lib", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc"], "id": "CENTOS_RHSA-2008-0648.NASL", "href": "https://www.tenable.com/plugins/nessus/43703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0648 and \n# CentOS Errata and Security Advisory 2008:0648 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43703);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"RHSA\", value:\"2008:0648\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2008:0648)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015217.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eaa054e7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015218.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8ad3363\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:44:00", "description": "A cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)", "edition": 29, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080827_TOMCAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60470);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the\nhost manager application. A remote attacker could inject arbitrary web\nscript or HTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a\nRequestDispatcher in combination with a servlet or JSP. A remote\nattacker could utilize a specially crafted request parameter to access\nprotected web resources. (CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n'allowLinking' and 'URIencoding' settings were activated. A remote\nattacker could use a UTF-8-encoded request to extend their privileges\nand obtain local files accessible to the Tomcat process.\n(CVE-2008-2938)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0809&L=scientific-linux-errata&T=0&P=207\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a60964c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.7.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "vmware": [{"lastseen": "2019-11-06T16:05:50", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1947", "CVE-2008-2370", "CVE-2008-1232"], "description": "a. Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 \nUpdate for VirtualCenter and ESX patch update the Tomcat package to version 5.5.27 which addresses multiple security issues that existed in the previous version of Apache Tomcat. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1232, CVE-2008-1947 and CVE-2008-2370 to these issues. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n", "edition": 4, "modified": "2009-11-20T00:00:00", "published": "2009-02-23T00:00:00", "id": "VMSA-2009-0002", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0002.html", "title": "VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27", "type": "vmware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-06T16:05:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5342", "CVE-2007-2052", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-2670", "CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1099", "CVE-2009-2716", "CVE-2009-2417", "CVE-2008-1721", "CVE-2009-1097", "CVE-2008-3143", "CVE-2009-2414", "CVE-2008-4864", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2009-0033", "CVE-2009-2723", "CVE-2009-2718", "CVE-2007-5333", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0787", "CVE-2009-2416", "CVE-2008-4307", "CVE-2009-0696", "CVE-2009-2722", "CVE-2007-4965", "CVE-2009-0746", "CVE-2009-0580", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-2720", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2625", "CVE-2008-1947", "CVE-2009-0778", "CVE-2009-2673", "CVE-2009-1100", "CVE-2008-3144", "CVE-2009-1072", "CVE-2009-0322", "CVE-2009-0159", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0745", "CVE-2007-5461", "CVE-2008-3142", "CVE-2009-2407", "CVE-2009-1106", "CVE-2009-1337", "CVE-2009-1103", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0783", "CVE-2009-0269", "CVE-2007-6286", "CVE-2009-2724", "CVE-2009-1389", "CVE-2008-2370", "CVE-2009-0834", "CVE-2009-1633", "CVE-2008-2315", "CVE-2009-0748", "CVE-2009-1101", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-2848", "CVE-2009-1252", "CVE-2008-1887", "CVE-2009-1107", "CVE-2009-2671", "CVE-2008-1232", "CVE-2008-5031", "CVE-2009-1102", "CVE-2009-1630", "CVE-2009-2672", "CVE-2009-2847", "CVE-2009-2719", "CVE-2009-2676", "CVE-2009-1105", "CVE-2009-2721", "CVE-2009-2675", "CVE-2008-0002"], "description": "a. JRE Security Update \n \nJRE update to version 1.5.0_20, which addresses multiple security \nissues that existed in earlier releases of JRE. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, \nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, \nCVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, \nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, \nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, \nCVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, \nCVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "edition": 4, "modified": "2010-03-29T00:00:00", "published": "2009-11-20T00:00:00", "id": "VMSA-2009-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0016.html", "title": "VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "[5.5.23-0jpp.7.el5_2.1]\n- add patch for CVE-2008-1232\n Resolves: rhbz#457727\n- add patch for CVE-2008-1947\n Resolves: rhbz#449916\n- add patch for CVE-2008-2370\n Resolves: rhbz#458634\n- add patch for CVE-2008-2938\n Resolves: rhbz#456214", "edition": 4, "modified": "2008-08-27T00:00:00", "published": "2008-08-27T00:00:00", "id": "ELSA-2008-0648", "href": "http://linux.oracle.com/errata/ELSA-2008-0648.html", "title": "tomcat security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:26:13", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0648\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027255.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/027256.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0648.html", "edition": 3, "modified": "2008-08-28T22:01:41", "published": "2008-08-28T22:01:41", "href": "http://lists.centos.org/pipermail/centos-announce/2008-August/027255.html", "id": "CESA-2008:0648", "title": "tomcat5 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2008-09-11T17:17:43", "published": "2008-09-11T17:17:43", "id": "FEDORA:A50D42E031E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2008-09-16T23:25:10", "published": "2008-09-16T23:25:10", "id": "FEDORA:62EF6208DAC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2008-09-16T23:28:35", "published": "2008-09-16T23:28:35", "id": "FEDORA:EC5A9208DCA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "atlassian": [{"lastseen": "2017-03-22T18:16:54", "bulletinFamily": "software", "cvelist": ["CVE-2007-3382", "CVE-2008-2938", "CVE-2008-2370", "CVE-2007-3385"], "edition": 1, "description": "We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at:\r\n\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "modified": "2017-02-17T05:10:26", "published": "2008-01-15T04:23:59", "href": "https://jira.atlassian.com/browse/CONF-10445", "id": "ATLASSIAN:CONF-10445", "title": "Upgrade standalone Tomcat to 5.5.25", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-02T06:17:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-3382", "CVE-2008-2938", "CVE-2008-2370", "CVE-2007-3385"], "edition": 1, "description": "We should bundle the latest version of Tomcat with standalone to pick up some fixes including the security vulnerability detailed at:\r\n\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385", "modified": "2017-02-17T05:10:26", "published": "2008-01-15T04:23:59", "href": "https://jira.atlassian.com/browse/CONFSERVER-10445", "id": "ATLASSIAN:CONFSERVER-10445", "type": "atlassian", "title": "Upgrade standalone Tomcat to 5.5.25", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}