Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy)

2016-11-14T00:00:00

Description

This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa : - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws and includes two additional CVE fixes along with one bug fix : - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation - rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "FEDORA_2016-4094BD4AD6.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy)", "description": "This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-11-14T00:00:00", "modified": "2021-01-11T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94747", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796"], "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "immutableFields": [], "lastseen": "2023-05-18T14:30:07", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-722", "ALAS-2016-764"]}, {"type": "archlinux", "idList": ["ASA-201609-21", "ASA-201609-7", "ASA-201611-6"]}, {"type": "centos", "idList": ["CESA-2016:2045", "CESA-2016:2046", "CESA-2017:2247"]}, {"type": "cert", "idList": ["VU:797896"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0607"]}, {"type": "cve", "idList": ["CVE-2016-0762", "CVE-2016-1000106", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1883-1:3E939", "DEBIAN:DLA-728-1:A9D65", "DEBIAN:DLA-728-1:ECD0E", "DEBIAN:DLA-729-1:1B0B9", "DEBIAN:DLA-729-1:E931B", "DEBIAN:DLA-746-1:64FA3", "DEBIAN:DLA-746-1:A270A", "DEBIAN:DLA-746-2:0504B", "DEBIAN:DLA-746-2:CEF95", "DEBIAN:DLA-753-1:4DD3E", "DEBIAN:DLA-753-1:C31B7", "DEBIAN:DSA-3720-1:0F2C1", "DEBIAN:DSA-3720-1:B5B38", "DEBIAN:DSA-3721-1:2B54A", "DEBIAN:DSA-3721-1:8336F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-0762", "DEBIANCVE:CVE-2016-5018", "DEBIANCVE:CVE-2016-5388", "DEBIANCVE:CVE-2016-5425", "DEBIANCVE:CVE-2016-6325", "DEBIANCVE:CVE-2016-6794", "DEBIANCVE:CVE-2016-6796", "DEBIANCVE:CVE-2016-6797"]}, {"type": "exploitdb", "idList": ["EDB-ID:40488", "EDB-ID:47892"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:093A394113BB59F99F2891210E4279F0", "EXPLOITPACK:3168D2153C7D83509BF8B05BB17AF9F0"]}, {"type": "f5", "idList": ["F5:K36302720", "F5:K36784855", "F5:K51663510", "F5:K61414056", "F5:K65230547", "F5:K73644551", "SOL36302720", "SOL36784855", "SOL51663510", "SOL61414056", "SOL65230547", "SOL73644551"]}, {"type": "fedora", "idList": ["FEDORA:1472760748FE", "FEDORA:2C5E66075D89", "FEDORA:C6B3F60776BE"]}, {"type": "freebsd", "idList": ["3AE106E2-D521-11E6-AE1B-002590263BF5"]}, {"type": "github", "idList": ["GHSA-2RVF-329F-P99G", "GHSA-4V3G-G84W-HV7R", "GHSA-Q6X7-F33R-3WXX", "GHSA-V646-RX6W-R3QQ", "GHSA-WXCP-F2C8-X6XV"]}, {"type": "ibm", "idList": ["03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "154959AD312743D0405AEAA761D472891EC4AB0DB42D62DF98414A64862177AA", "2E77519DC296010534657E6685399645E3688DDB75C1903A1ED7B83A0135B27C", "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "40143F0DA50617F5EA31C30CAE6F6341059E3F031BCE0BC7DBD9F120A3C1F432", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "4CB5AEEB4566C85CB97CB5F4470481A16D1ECBA93395EFF72D6B83CAA77AD1F6", "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "6B0A5599577E8CC081B38DC85FFC053A3E597118CD8108314778BA17EC91A265", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "8CD96AA2457162E63BDEB62B1DBB2807FB35D668A2D11F4D4EF019AA03F22467", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "B192A38BFCB65C485CB834810BC072C9ED521B788476FAD8E67C2FE9EE26ACC2", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "B8AFBDF45AEF0460886E5F93AC90DAE8F281918FBE5E510F9AEB0E2A09E65A0A", "BBD0BB9278125E79B44348E7A6E2FDFBBE0FF4AC9E9184823B714AE94FCDD740", "BFC19961F4B2A71B650F919D0D8075421D25957A36A4487C121AAA7C17E478AF", "BFE62D2E10067E39BEC56AD69C10E0DBC04809ABC92027C78C59975EAF86C0D8", "C445DD959FD44CB52DF6F0949E5288CA935A9BF5DBADFD21062765CE50E710D1", "D27D7A3FAB54F4252945DE24C1BCEB0239D87CB0DB7641EF3375DE0B604D151D", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "F44762E24B816A7F151F28C5E5AA700D0D9FC674A4A6B85954337A27915F3F8D", "F5CDE8C22C4BBC6BB7CBF97A440438D883CD649212412738F8629A2D4E07BCFD", "FCEDD547799AE384A4D749F6F180AE8594D14E825F787E185F25A3AC75A35F08", "FEA72A089D1755DA76737B39FD3BC90F9FC3011626C35A4FAFB48AD0A4D10189"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:461A7AC5896687E62024A8D8E5A3749D"]}, {"type": "mageia", "idList": ["MGASA-2016-0312", "MGASA-2016-0367"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-TOMCAT_RHEL_BASED_TEMP_PRIV_ESC-"]}, {"type": "myhack58", "idList": ["MYHACK58:62201680058", "MYHACK58:62201680097", "MYHACK58:62201680650"]}, {"type": "nessus", "idList": ["9721.PASL", "ACTIVEMQ_5_15_5.NASL", "ALA_ALAS-2016-722.NASL", "ALA_ALAS-2016-764.NASL", "CENTOS_RHSA-2016-2045.NASL", "CENTOS_RHSA-2016-2046.NASL", "CENTOS_RHSA-2017-2247.NASL", "DEBIAN_DLA-1883.NASL", "DEBIAN_DLA-728.NASL", "DEBIAN_DLA-729.NASL", "DEBIAN_DLA-746.NASL", "DEBIAN_DLA-753.NASL", "DEBIAN_DSA-3720.NASL", "DEBIAN_DSA-3721.NASL", "EULEROS_SA-2016-1049.NASL", "EULEROS_SA-2017-1191.NASL", "EULEROS_SA-2017-1192.NASL", "FEDORA_2016-38E5B05260.NASL", "FEDORA_2016-C1B01B9278.NASL", "FREEBSD_PKG_3AE106E2D52111E6AE1B002590263BF5.NASL", "HPSMH_7_6.NASL", "HTTP_HTTPOXY.NASL", "OPENSUSE-2016-1056.NASL", "OPENSUSE-2016-1455.NASL", "OPENSUSE-2016-1456.NASL", "ORACLELINUX_ELSA-2016-2045.NASL", "ORACLELINUX_ELSA-2016-2046.NASL", "ORACLELINUX_ELSA-2017-2247.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "REDHAT-RHSA-2016-1635.NASL", "REDHAT-RHSA-2016-1636.NASL", "REDHAT-RHSA-2016-2045.NASL", "REDHAT-RHSA-2016-2046.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-1548.NASL", "REDHAT-RHSA-2017-1549.NASL", "REDHAT-RHSA-2017-1550.NASL", "REDHAT-RHSA-2017-1552.NASL", "REDHAT-RHSA-2017-2247.NASL", "SL_20161010_TOMCAT6_ON_SL6_X.NASL", "SL_20161010_TOMCAT_ON_SL7_X.NASL", "SL_20170802_TOMCAT_ON_SL7_X.NASL", "TOMCAT_8_5_5.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-4557-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106390", "OPENVAS:1361412562310106641", "OPENVAS:1361412562310120711", "OPENVAS:1361412562310703720", "OPENVAS:1361412562310703721", "OPENVAS:1361412562310808629", "OPENVAS:1361412562310810182", "OPENVAS:1361412562310810184", "OPENVAS:1361412562310811298", "OPENVAS:1361412562310811703", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310851455", "OPENVAS:1361412562310851503", "OPENVAS:1361412562310871669", "OPENVAS:1361412562310871670", "OPENVAS:1361412562310871857", "OPENVAS:1361412562310871971", "OPENVAS:1361412562310882575", "OPENVAS:1361412562310882576", "OPENVAS:1361412562310891883", "OPENVAS:1361412562311220161049", "OPENVAS:1361412562311220171191", "OPENVAS:1361412562311220171192", "OPENVAS:703720", "OPENVAS:703721"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2045", "ELSA-2016-2046", "ELSA-2017-2247"]}, {"type": "osv", "idList": ["OSV:DLA-1883-1", "OSV:DLA-728-1", "OSV:DLA-729-1", "OSV:DLA-746-1", "OSV:DLA-746-2", "OSV:DLA-753-1", "OSV:DSA-3720-1", "OSV:DSA-3721-1", "OSV:GHSA-2RVF-329F-P99G", "OSV:GHSA-4V3G-G84W-HV7R", "OSV:GHSA-Q6X7-F33R-3WXX", "OSV:GHSA-V646-RX6W-R3QQ", "OSV:GHSA-WXCP-F2C8-X6XV"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:139041", "PACKETSTORM:155873", "PACKETSTORM:171337"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:DB6B41D530934724F19E6F3BC63F0E73"]}, {"type": "redhat", "idList": ["RHSA-2016:1635", "RHSA-2016:1636", "RHSA-2016:2045", "RHSA-2016:2046", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:1548", "RHSA-2017:1549", "RHSA-2017:1550", "RHSA-2017:1551", "RHSA-2017:1552", "RHSA-2017:2247"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5388", "RH:CVE-2016-5425", "RH:CVE-2016-6325", "RH:CVE-2016-6794", "RH:CVE-2016-6797", "RH:CVE-2016-8657"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3129-1", "OPENSUSE-SU-2016:3144-1", "SUSE-SU-2016:3079-1", "SUSE-SU-2016:3081-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1"]}, {"type": "threatpost", "idList": ["THREATPOST:29907254311441DFE8331A9706EE7EFA"]}, {"type": "tomcat", "idList": ["TOMCAT:3BE7322A30732B9FCCD5C138E261173F", "TOMCAT:790F7EF00EBD814D5B55BBA9ADFAB91D", "TOMCAT:8423D2ED2F8751548B2F3411FE07D05F", "TOMCAT:937E284FF802C2D5A6E9C8A59AB6C822"]}, {"type": "ubuntu", "idList": ["USN-3177-1", "USN-3177-2", "USN-4557-1", "USN-4791-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-0762", "UB:CVE-2016-5018", "UB:CVE-2016-5388", "UB:CVE-2016-5425", "UB:CVE-2016-6325", "UB:CVE-2016-6794", "UB:CVE-2016-6796", "UB:CVE-2016-6797"]}, {"type": "veracode", "idList": ["VERACODE:12348", "VERACODE:12454", "VERACODE:20287", "VERACODE:3834"]}, {"type": "zdt", "idList": ["1337DAY-ID-25464", "1337DAY-ID-38260"]}]}, "score": {"value": 0.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201609-21"]}, {"type": "centos", "idList": ["CESA-2016:2045", "CESA-2016:2046"]}, {"type": "cert", "idList": ["VU:797896"]}, {"type": "cve", "idList": ["CVE-2016-5388", "CVE-2016-6325"]}, {"type": "debian", "idList": ["DEBIAN:DLA-753-1:C31B7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5018"]}, {"type": "exploitdb", "idList": ["EDB-ID:47892"]}, {"type": "f5", "idList": ["F5:K36784855", "SOL36302720", "SOL65230547", "SOL73644551"]}, {"type": "fedora", "idList": ["FEDORA:2C5E66075D89", "FEDORA:C6B3F60776BE"]}, {"type": "ibm", "idList": ["03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HPSMH-CVE-2016-5388/", "MSF:ILITIES/SUSE-CVE-2016-5018/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201680650"]}, {"type": "nessus", "idList": ["EULEROS_SA-2016-1049.NASL", "EULEROS_SA-2017-1192.NASL", "FREEBSD_PKG_3AE106E2D52111E6AE1B002590263BF5.NASL", "OPENSUSE-2016-1056.NASL", "REDHAT-RHSA-2016-2045.NASL", "REDHAT-RHSA-2017-1548.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-4557-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220171191", "OPENVAS:703720"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2045"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155873"]}, {"type": "redhat", "idList": ["RHSA-2016:1636", "RHSA-2016:2046"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-6794", "RH:CVE-2016-6797"]}, {"type": "suse", "idList": ["SUSE-SU-2016:3081-1"]}, {"type": "threatpost", "idList": ["THREATPOST:29907254311441DFE8331A9706EE7EFA"]}, {"type": "tomcat", "idList": ["TOMCAT:937E284FF802C2D5A6E9C8A59AB6C822"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-6794"]}, {"type": "zdt", "idList": ["1337DAY-ID-25464"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-0762", "epss": "0.001880000", "percentile": "0.546180000", "modified": "2023-03-14"}, {"cve": "CVE-2016-5018", "epss": "0.002340000", "percentile": "0.596950000", "modified": "2023-03-14"}, {"cve": "CVE-2016-5388", "epss": "0.948220000", "percentile": "0.987690000", "modified": "2023-03-14"}, {"cve": "CVE-2016-5425", "epss": "0.000640000", "percentile": "0.259510000", "modified": "2023-03-14"}, {"cve": "CVE-2016-6325", "epss": "0.000440000", "percentile": "0.083090000", "modified": "2023-03-14"}, {"cve": "CVE-2016-6794", "epss": "0.001300000", "percentile": "0.461570000", "modified": "2023-03-14"}, {"cve": "CVE-2016-6796", "epss": "0.001530000", "percentile": "0.497460000", "modified": "2023-03-14"}, {"cve": "CVE-2016-6797", "epss": "0.001610000", "percentile": "0.510300000", "modified": "2023-03-14"}], "vulnersScore": 0.0}, "_state": {"dependencies": 1684432139, "score": 1684432702, "epss": 0}, "_internal": {"score_hash": "06dcc9d219821ac20a619abe342915f2"}, "pluginID": "94747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-4094bd4ad6.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94747);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"FEDORA\", value:\"2016-4094bd4ad6\");\n\n script_name(english:\"Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which\nresolves multiple CVEs and a problem that 8.0.37 introduces to \nfreeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets\n environmental variable based on user supplied Proxy\n request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794\n CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege\n escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable\n config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the\n main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-4094bd4ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"tomcat-8.0.38-1.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:23"], "solution": "Update the affected 1:tomcat package.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2016-11-12T00:00:00", "vulnerabilityPublicationDate": "2016-07-19T00:00:00", "exploitableWith": []}

{"fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-11-12T23:56:29", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: tomcat-8.0.38-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2016-11-12T23:56:29", "id": "FEDORA:C6B3F60776BE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WKLL2TYSF35YFKF6JOELFKM53BYL4JI/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-11-13T02:21:02", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: tomcat-8.0.38-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2016-11-13T02:21:02", "id": "FEDORA:1472760748FE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BZOEGHEDVEKGRMKYS6JG77SLPE77B55B/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-11-19T21:26:18", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2016-11-19T21:26:18", "id": "FEDORA:2C5E66075D89", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EFS2BJI4QFOEFD7TDDAJQCMXX77ZWNZ6/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-4094bd4ad6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-0762", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310810184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810184", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-4094bd4ad6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810184\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:06:43 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5388\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\",\n \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-4094bd4ad6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-4094bd4ad6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOEGHEDVEKGRMKYS6JG77SLPE77B55B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.38~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-c1b01b9278", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-0762", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310810182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-c1b01b9278\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810182\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-02 14:04:29 +0100 (Fri, 02 Dec 2016)\");\n script_cve_id(\"CVE-2016-5388\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\",\n \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-c1b01b9278\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c1b01b9278\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKLL2TYSF35YFKF6JOELFKM53BYL4JI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.38~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-38e5b05260", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-0762", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871971", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871971", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-38e5b05260\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871971\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:06 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-5388\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-38e5b05260\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-38e5b05260\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFS2BJI4QFOEFD7TDDAJQCMXX77ZWNZ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.38~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-05T18:37:51", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811298", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811298\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6794\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_bugtraq_id(93940, 93944, 93939, 93942, 93943);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 14:49:43 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the system property replacement feature for configuration files.\n\n - An error in the realm implementations in Apache Tomcat that does not process\n the supplied password if the supplied user name did not exist.\n\n - An error in the configured SecurityManager via a Tomcat utility method that\n is accessible to web applications.\n\n - An error in the configured SecurityManager via manipulation of the\n configuration parameters for the JSP Servlet.\n\n - An error in the ResourceLinkFactory implementation in Apache Tomcat that\n does not limit web application access to global JNDI resources to those\n resources explicitly linked to the web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and bypass\n certain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9,\n Apache Tomcat versions 8.5.0 to 8.5.4,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.36,\n Apache Tomcat versions 7.0.0 to 7.0.70, and\n Apache Tomcat versions 6.0.0 to 6.0.45 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M10\n or 8.5.5 or 8.0.37 or 7.0.72 or 6.0.47 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if(revcomp(a: appVer, b: \"6.0.47\") < 0){\n fix = \"6.0.47\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.72\") < 0){\n fix = \"7.0.72\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.5\") < 0){\n fix = \"8.5.5\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.37\") < 0){\n fix = \"8.0.37\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M10\") < 0){\n fix = \"9.0.0.M10\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:17", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3720-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703720", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3720.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3720-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703720\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3720-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3720.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u4.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:50", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3721-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703721", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3721.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3721-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703721\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3721-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3721.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these\nproblems have been fixed in version 7.0.56-3+deb8u5.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:40:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:2247-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871857", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871857\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:46 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:2247-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the\n Java Servlet and JavaServer Pages (JSP) technologies. The following packages\n have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895)\n Security Fix(es): * The Realm implementations did not process the supplied\n password if the supplied user name did not exist. This made a timing attack\n possible to determine valid user names. Note that the default configuration\n includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762) * It was discovered that a malicious web application could\n bypass a configured SecurityManager via a Tomcat utility method that was\n accessible to web applications. (CVE-2016-5018) * It was discovered that when a\n SecurityManager was configured, Tomcat's system property replacement feature for\n configuration files could be used by a malicious web application to bypass the\n SecurityManager and read system properties that should not be visible.\n (CVE-2016-6794) * It was discovered that a malicious web application could\n bypass a configured SecurityManager via manipulation of the configuration\n parameters for the JSP Servlet. (CVE-2016-6796) * It was discovered that it was\n possible for a web application to access any global JNDI resource whether an\n explicit ResourceLink had been configured or not. (CVE-2016-6797) Additional\n Changes: For detailed information on changes in this release, see the Red Hat\n Enterprise Linux 7.4 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"tomcat on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2247-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-09-04T14:19:06", "description": "Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3721-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703721", "href": "http://plugins.openvas.org/nasl.php?oid=703721", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3721.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3721-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703721);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3721-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3721.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java Servlet\nand the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a\n'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these\nproblems have been fixed in version 7.0.56-3+deb8u5.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have been\ndiscovered in the Tomcat servlet and JSP engine, which may result in possible timing\nattacks to determine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary file overwrites,\nand potentially escalation of privileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-04T14:18:33", "description": "Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3720-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703720", "href": "http://plugins.openvas.org/nasl.php?oid=703720", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3720.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3720-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703720);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_name(\"Debian Security Advisory DSA 3720-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-21 00:00:00 +0100 (Mon, 21 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3720.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u4.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities have\nbeen discovered in the Tomcat servlet and JSP engine, which may result in possible\ntiming attacks to determine valid user names, bypass of the SecurityManager,\ndisclosure of system properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-05T18:40:23", "description": "This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811703", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811703\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6794\", \"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6796\",\n \"CVE-2016-6797\");\n script_bugtraq_id(93940, 93944, 93939, 93942, 93943);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 16:00:24 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat Security Bypass and Information Disclosure Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to security bypass and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error in the system property replacement feature for configuration files.\n\n - An error in the realm implementations in Apache Tomcat that does not process\n the supplied password if the supplied user name did not exist.\n\n - An error in the configured SecurityManager via a Tomcat utility method that\n is accessible to web applications.\n\n - An error in the configured SecurityManager via manipulation of the\n configuration parameters for the JSP Servlet.\n\n - An error in the ResourceLinkFactory implementation in Apache Tomcat that\n does not limit web application access to global JNDI resources to those\n resources explicitly linked to the web application.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and bypass\n certain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9,\n Apache Tomcat versions 8.5.0 to 8.5.4,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.36,\n Apache Tomcat versions 7.0.0 to 7.0.70, and\n Apache Tomcat versions 6.0.0 to 6.0.45 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M10\n or 8.5.5 or 8.0.37 or 7.0.72 or 6.0.47 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if(revcomp(a: appVer, b: \"6.0.47\") < 0){\n fix = \"6.0.47\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.72\") < 0){\n fix = \"7.0.72\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.5\") < 0){\n fix = \"8.5.5\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.37\") < 0){\n fix = \"8.0.37\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M10\") < 0){\n fix = \"9.0.0.M10\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-31T18:36:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851455", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851455\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-14 05:55:01 +0100 (Wed, 14 Dec 2016)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Tomcat provides the following fixes:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bugs fixed:\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter().\n (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the\n context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the referenced documentation. (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3129-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:43:53", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2017-5664", "CVE-2017-5648", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171192", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171192", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1192\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2017-5648\", \"CVE-2017-5664\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:57:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1192)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1192\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1192\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1192 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\nIt was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\nIt was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\nIt was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\nIt was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nA vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648)\n\nA vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-02-20T18:49:17", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1191)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-5018", "CVE-2017-5664", "CVE-2017-5648", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171191", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171191", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1191\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2017-5648\", \"CVE-2017-5664\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:57:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1191)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1191\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1191\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1191 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\nIt was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\nIt was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\nIt was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\nIt was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nA vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648)\n\nA vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T18:28:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851503", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851503\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:02 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bug fixes:\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the linked documentation. (bsc#1002639)\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-3177-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat7 USN-3177-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843035\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 05:48:02 +0100 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat7 USN-3177-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3177-1 fixed vulnerabilities in Tomcat.\n The update introduced a regression in environments where Tomcat is started with\n a security manager. This update fixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat8 USN-3177-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat8 USN-3177-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843024\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:19:27 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat8 USN-3177-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:57:05", "description": "Check the version of tomcat", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat CESA-2016:2046 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5425", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5346", "CVE-2014-7810"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882575", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882575\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-12 05:44:31 +0200 (Wed, 12 Oct 2016)\");\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat CESA-2016:2046 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the Tomcat packages installed configuration file\n/usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of\nthe group or a malicious web application deployed on Tomcat could use this\nflaw to escalate their privileges. (CVE-2016-5425)\n\n * It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges.\n(CVE-2016-6325)\n\n * It was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\n * It was discovered that tomcat used the value of the Proxy header from\nHTTP requests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest. (CVE-2016-5388)\n\n * A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski ('legalhackers.com') for\nreporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product\nSecurity.\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2046\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-October/022121.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.54~8.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:56:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2016:2046-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5425", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5346", "CVE-2014-7810"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871670", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871670", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871670\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-11 06:32:10 +0200 (Tue, 11 Oct 2016)\");\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\",\n \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2016:2046-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the Tomcat packages installed configuration file\n/usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of\nthe group or a malicious web application deployed on Tomcat could use this\nflaw to escalate their privileges. (CVE-2016-5425)\n\n * It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges.\n(CVE-2016-6325)\n\n * It was found that the expression language resolver evaluated expressions\nwithin a privileged code section. A malicious web application could use\nthis flaw to bypass security manager protections. (CVE-2014-7810)\n\n * It was discovered that tomcat used the value of the Proxy header from\nHTTP requests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest. (CVE-2016-5388)\n\n * A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski for\nreporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product\nSecurity.\");\n script_tag(name:\"affected\", value:\"tomcat on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2046-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-October/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.54~8.el7_2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-20T18:47:39", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2016-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5425", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5346", "CVE-2014-7810"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220161049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161049", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1049\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:40:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2016-1049)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1049\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1049\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2016-1049 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.(CVE-2014-7810)\n\nSession fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.(CVE-2015-5346)\n\nApache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an 'httpoxy' issue. NOTE: the vendor states 'A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388', in other words, this is not a CVE ID for a vulnerability.(CVE-2016-5388)\n\nIt was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.(CVE-2016-5425)\n\nIt was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.(CVE-2016-6325)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.54~8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:56:45", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5388"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120711", "sourceData": "# Copyright (C) 2016 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120711\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:15 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-722)\");\n script_tag(name:\"insight\", value:\"Tomcat's CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request (known as the httpoxy class of vulnerabilities).\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat6 to update your system.\n\n Run yum update tomcat7 to update your system.\n\n Run yum update tomcat8 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-722.html\");\n script_cve_id(\"CVE-2016-5388\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.45~1.5.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-el-2.2-api\", rpm:\"tomcat7-el-2.2-api~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-admin-webapps\", rpm:\"tomcat7-admin-webapps~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-log4j\", rpm:\"tomcat7-log4j~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-lib\", rpm:\"tomcat7-lib~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-javadoc\", rpm:\"tomcat7-javadoc~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-webapps\", rpm:\"tomcat7-webapps~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-docs-webapp\", rpm:\"tomcat7-docs-webapp~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-servlet-3.0-api\", rpm:\"tomcat7-servlet-3.0-api~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-jsp-2.2-api\", rpm:\"tomcat7-jsp-2.2-api~7.0.69~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-jsp-2.3-api\", rpm:\"tomcat8-jsp-2.3-api~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-javadoc\", rpm:\"tomcat8-javadoc~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-admin-webapps\", rpm:\"tomcat8-admin-webapps~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-lib\", rpm:\"tomcat8-lib~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-servlet-3.1-api\", rpm:\"tomcat8-servlet-3.1-api~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-el-3.0-api\", rpm:\"tomcat8-el-3.0-api~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-webapps\", rpm:\"tomcat8-webapps~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-docs-webapp\", rpm:\"tomcat8-docs-webapp~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat8-log4j\", rpm:\"tomcat8-log4j~8.0.35~1.61.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:01", "description": "This host is installed with Apache Tomcat\n and is prone to man in the middle attack vulnerability.", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "Apache Tomcat 'CGI Servlet' Man-in-the-Middle Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5388"], "modified": "2019-05-10T00:00:00", "id": "OPENVAS:1361412562310808629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808629", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_cgi_servlet_mitm_vuln.nasl 61457 2016-08-02 11:10:26Z Aug$\n#\n# Apache Tomcat 'CGI Servlet' Man-in-the-Middle Vulnerability\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808629\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2016-5388\");\n script_bugtraq_id(91818);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 11:10:26 +0530 (Tue, 02 Aug 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat 'CGI Servlet' Man-in-the-Middle Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to man in the middle attack vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to 'CGI Servlet' does\n not protect applications from the presence of untrusted client data in\n the 'HTTP_PROXY' environment variable.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct MITM attacks on internal server subrequests or direct\n the server to initiate connections to arbitrary hosts.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 8.5.4 and prior.\");\n\n script_tag(name:\"solution\", value:\"Information is available and linked in the references\n about a configuration or deployment scenario that helps to reduce the risk of the\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/BLUU-ABSLHW\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/security/asf-httpoxy-response.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) )\n exit( 0 );\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less_equal(version:appVer, test_version:\"8.5.4\")) {\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"Mitigation\", install_path:path);\n security_message(data:report, port:appPort);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:56:03", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2016:2045 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882576", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882576\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-12 05:45:01 +0200 (Wed, 12 Oct 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2016:2045 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges.\n(CVE-2016-6325)\n\n * It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n * It was discovered that tomcat used the value of the Proxy header from\nHTTP requests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest. (CVE-2016-5388)\n\n * A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..' in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps\ndirectory. (CVE-2015-5174)\n\n * It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n * It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product\nSecurity.\n\nBug Fix(es):\n\n * Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum,\nsize, and mtime attributes were compared to the file's attributes at\ninstallation time. Because these attributes change after the service is\nstarted, the 'rpm -V' command previously failed. With this update, the\nattributes mentioned above are ignored in the RPM verification and the\ncatalina.out file now passes the verification check. (BZ#1357123)\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2045\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-October/022119.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~98.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:56:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2016:2045-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0714", "CVE-2015-5345", "CVE-2016-6325", "CVE-2016-5388", "CVE-2015-5174", "CVE-2016-0706"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871669", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871669\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-11 06:32:01 +0200 (Tue, 11 Oct 2016)\");\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\",\n \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2016:2045-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges.\n(CVE-2016-6325)\n\n * It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n * It was discovered that tomcat used the value of the Proxy header from\nHTTP requests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A remote\nattacker could possibly use this flaw to redirect HTTP requests performed\nby a CGI script to an attacker-controlled proxy via a malicious HTTP\nrequest. (CVE-2016-5388)\n\n * A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..' in a\npathname used by a web application in a getResource, getResourceAsStream,\nor getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps\ndirectory. (CVE-2015-5174)\n\n * It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n * It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product\nSecurity.\n\nBug Fix(es):\n\n * Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum,\nsize, and mtime attributes were compared to the file's attributes at\ninstallation time. Because these attributes change after the service i ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2045-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-October/msg00018.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~98.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:30:28", "description": "This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-38E5B05260.NASL", "href": "https://www.tenable.com/plugins/nessus/94997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-38e5b05260.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94997);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"FEDORA\", value:\"2016-38e5b05260\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which\nresolves multiple CVEs and a problem that 8.0.37 introduces to \nfreeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets\n environmental variable based on user supplied Proxy\n request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794\n CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege\n escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable\n config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the\n main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-38e5b05260\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.38-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:46", "description": "This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-14T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2016-c1b01b9278) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-C1B01B9278.NASL", "href": "https://www.tenable.com/plugins/nessus/94748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c1b01b9278.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94748);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"FEDORA\", value:\"2016-c1b01b9278\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2016-c1b01b9278) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.36 up to 8.0.38 which\nresolves multiple CVEs and a problem that 8.0.37 introduces to \nfreeipa :\n\n - rhbz#1375581 - CVE-2016-5388 Tomcat: CGI sets\n environmental variable based on user supplied Proxy\n request header\n\n - rhbz#1390532 - CVE-2016-0762 CVE-2016-5018 CVE-2016-6794\n CVE-2016-6796 CVE-2016-6797 tomcat: various flaws\n\nand includes two additional CVE fixes along with one bug fix :\n\n - rhbz#1383210 - CVE-2016-5425 tomcat: Local privilege\n escalation via systemd-tmpfiles service\n\n - rhbz#1383216 - CVE-2016-6325 tomcat: tomcat writable\n config files allow privilege escalation\n\n - rhbz#1370262 - catalina.out is no longer in use in the\n main package, but still gets rotated\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.38-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:19:39", "description": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\nA malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\nThe Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\nWhen a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager.\nTomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\nA malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\nThe ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-764.NASL", "href": "https://www.tenable.com/plugins/nessus/94684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-764.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94684);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"ALAS\", value:\"2016-764\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\nA malicious web application was able to bypass a configured\nSecurityManager via a Tomcat utility method that was accessible to web\napplications. (CVE-2016-5018)\n\nThe Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible\nto determine valid user names. Note that the default configuration\nincludes the LockOutRealm which makes exploitation of this\nvulnerability harder. (CVE-2016-0762)\n\nWhen a SecurityManager is configured, a web application's ability to\nread system properties should be controlled by the SecurityManager.\nTomcat's system property replacement feature for configuration files\ncould be used by a malicious web application to bypass the\nSecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\nA malicious web application was able to bypass a configured\nSecurityManager via manipulation of the configuration parameters for\nthe JSP Servlet. (CVE-2016-6796)\n\nThe ResourceLinkFactory did not limit web application access to global\nJNDI resources to those resources explicitly linked to the web\napplication. Therefore, it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-764.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update tomcat6' to update your system.\n\nRun 'yum update tomcat7' to update your system.\n\nRun 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.47-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.72-1.21.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.38-1.65.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.38-1.65.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:39", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {}, "published": "2017-08-02T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2017:2247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2247.NASL", "href": "https://www.tenable.com/plugins/nessus/102115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2247. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102115);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"RHSA\", value:\"2017:2247\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2017:2247)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured,\nTomcat's system property replacement feature for configuration files\ncould be used by a malicious web application to bypass the\nSecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6797\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2247\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.76-2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.76-2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:26", "description": "From Red Hat Security Advisory 2017:2247 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {}, "published": "2017-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2017-2247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:tomcat"], "id": "ORACLELINUX_ELSA-2017-2247.NASL", "href": "https://www.tenable.com/plugins/nessus/102300", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2247 and \n# Oracle Linux Security Advisory ELSA-2017-2247 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102300);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"RHSA\", value:\"2017:2247\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2017-2247)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2247 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured,\nTomcat's system property replacement feature for configuration files\ncould be used by a malicious web application to bypass the\nSecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007093.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-2.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:54", "description": "The following packages have been upgraded to a later upstream version:\ntomcat (7.0.76).\n\nSecurity Fix(es) :\n\n - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.\n (CVE-2016-6796)\n\n - It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)", "cvss3": {}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170802)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170802_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102664);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170802)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a later upstream version:\ntomcat (7.0.76).\n\nSecurity Fix(es) :\n\n - The Realm implementations did not process the supplied\n password if the supplied user name did not exist. This\n made a timing attack possible to determine valid user\n names. Note that the default configuration includes the\n LockOutRealm which makes exploitation of this\n vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application could\n bypass a configured SecurityManager via a Tomcat utility\n method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was\n configured, Tomcat's system property replacement feature\n for configuration files could be used by a malicious web\n application to bypass the SecurityManager and read\n system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application could\n bypass a configured SecurityManager via manipulation of\n the configuration parameters for the JSP Servlet.\n (CVE-2016-6796)\n\n - It was discovered that it was possible for a web\n application to access any global JNDI resource whether\n an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=8410\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a41e7848\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.76-2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:52", "description": "The Apache Software Foundation reports :\n\nLow: Unrestricted Access to Global Resources CVE-2016-6797\n\nLow: Security Manager Bypass CVE-2016-6796\n\nLow: System Property Disclosure CVE-2016-6794\n\nLow: Security Manager Bypass CVE-2016-5018\n\nLow: Timing Attack CVE-2016-0762", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (3ae106e2-d521-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3AE106E2D52111E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96366);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (3ae106e2-d521-11e6-ae1b-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Software Foundation reports :\n\nLow: Unrestricted Access to Global Resources CVE-2016-6797\n\nLow: Security Manager Bypass CVE-2016-6796\n\nLow: System Property Disclosure CVE-2016-6794\n\nLow: Security Manager Bypass CVE-2016-5018\n\nLow: Timing Attack CVE-2016-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\"\n );\n # http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43d64fe7\"\n );\n # https://vuxml.freebsd.org/freebsd/3ae106e2-d521-11e6-ae1b-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13a2e8c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.47\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.72\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.37\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:18", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.47, 7.0.x prior to 7.0.72, 8.0.x prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to process passwords when paired with a non-existent username. An unauthenticated, remote attacker can exploit this, via a timing attack, to enumerate user account names. (CVE-2016-0762)\n\n - A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager via a utility method that is accessible to web applications. (CVE-2016-5018)\n\n - An information disclosure vulnerability exists in the SecurityManager component due to a failure to properly restrict access to system properties for the configuration files system property replacement feature.\nAn attacker can exploit this, via a specially crafted web application, to bypass SecurityManager restrictions and disclose system properties. (CVE-2016-6794)\n\n - A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager by changing the configuration parameters for a JSP servlet. (CVE-2016-6796)\n\n - A security bypass vulnerability exists due to a failure to limit web application access to global JNDI resources. A local attacker can exploit this to gain unauthorized access to resources. (CVE-2016-6797)\n\nNote that Nessus iNetwork Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.5 / 9.0.0.x < 9.0.0.M10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9721.PASL", "href": "https://www.tenable.com/plugins/nnm/9721", "sourceData": "Binary data 9721.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:00", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Debian DSA-3721-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3721.NASL", "href": "https://www.tenable.com/plugins/nessus/95034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3721. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95034);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"DSA\", value:\"3721\");\n\n script_name(english:\"Debian DSA-3721-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3721\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.56-3+deb8u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:59", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Debian DSA-3720-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3720.NASL", "href": "https://www.tenable.com/plugins/nessus/95033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3720. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95033);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"DSA\", value:\"3720\");\n\n script_name(english:\"Debian DSA-3720-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3720\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:38", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "cvss3": {}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2017:2247)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2247.NASL", "href": "https://www.tenable.com/plugins/nessus/102756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2247 and \n# CentOS Errata and Security Advisory 2017:2247 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102756);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\");\n script_xref(name:\"RHSA\", value:\"2017:2247\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2017:2247)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version:\ntomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es) :\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured,\nTomcat's system property replacement feature for configuration files\ncould be used by a malicious web application to bypass the\nSecurityManager and read system properties that should not be visible.\n(CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.4 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004575.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0d60064\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5018\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-2.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:18", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.47, 7.0.x prior to 7.0.72, 8.0.x prior to 8.0.37, 8.5.x prior to 8.5.5 or 9.0.x prior to 9.0.0.M10. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to a failure to process passwords when paired with a non-existent username. An unauthenticated, remote attacker can exploit this, via a timing attack, to enumerate user account names. (CVE-2016-0762)\n\n - A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager via a utility method that is accessible to web applications. (CVE-2016-5018)\n\n - An information disclosure vulnerability exists in the SecurityManager component due to a failure to properly restrict access to system properties for the configuration files system property replacement feature.\n An attacker can exploit this, via a specially crafted web application, to bypass SecurityManager restrictions and disclose system properties. (CVE-2016-6794)\n\n - A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager by changing the configuration parameters for a JSP servlet.\n (CVE-2016-6796)\n\n - A security bypass vulnerability exists due to a failure to limit web application access to global JNDI resources. A local attacker can exploit this to gain unauthorized access to resources. (CVE-2016-6797)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 / 8.5.x < 8.5.5 / 9.0.x < 9.0.0.M10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_5.NASL", "href": "https://www.tenable.com/plugins/nessus/94578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94578);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\"\n );\n script_bugtraq_id(\n 93939,\n 93940,\n 93942,\n 93943,\n 93944\n );\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 / 8.5.x < 8.5.5 / 9.0.x < 9.0.0.M10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.47, 7.0.x\nprior to 7.0.72, 8.0.x prior to 8.0.37, 8.5.x prior to 8.5.5 or\n9.0.x prior to 9.0.0.M10. It is, therefore, affected by multiple \nvulnerabilities :\n\n - An information disclosure vulnerability exists due to a\n failure to process passwords when paired with a\n non-existent username. An unauthenticated, remote\n attacker can exploit this, via a timing attack, to\n enumerate user account names. (CVE-2016-0762)\n\n - A security bypass vulnerability exists that allows a\n local attacker to bypass a configured SecurityManager\n via a utility method that is accessible to web\n applications. (CVE-2016-5018)\n\n - An information disclosure vulnerability exists in the\n SecurityManager component due to a failure to properly\n restrict access to system properties for the\n configuration files system property replacement feature.\n An attacker can exploit this, via a specially crafted\n web application, to bypass SecurityManager restrictions\n and disclose system properties. (CVE-2016-6794)\n\n - A security bypass vulnerability exists that allows a\n local attacker to bypass a configured SecurityManager by\n changing the configuration parameters for a JSP servlet.\n (CVE-2016-6796)\n\n - A security bypass vulnerability exists due to a failure\n to limit web application access to global JNDI\n resources. A local attacker can exploit this to gain\n unauthorized access to resources. (CVE-2016-6797)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c3fa418\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be50738a\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47795ca8\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M10\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?afe6a582\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.47 / 7.0.72 / 8.0.37 / 8.5.5 / 9.0.0.M10 or\nlater. Note that versions 6.0.46 and 7.0.71 also resolve the\nvulnerabilities; however, these versions were never officially\nreleased by the vendor.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:make_list(\"6.0.47\", \"7.0.72\", \"8.0.37\", \"8.5.5\", \"9.0.0.M10\"), severity:SECURITY_WARNING);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:38:49", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach its end-of-life exactly in one month. We strongly recommend to switch to another supported version such as Tomcat 7 at your earliest convenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-728-1 : tomcat6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet2.4-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat6-java", "p-cpe:/a:debian:debian_linux:tomcat6", "p-cpe:/a:debian:debian_linux:tomcat6-admin", "p-cpe:/a:debian:debian_linux:tomcat6-common", "p-cpe:/a:debian:debian_linux:tomcat6-docs", "p-cpe:/a:debian:debian_linux:tomcat6-examples", "p-cpe:/a:debian:debian_linux:tomcat6-extras", "p-cpe:/a:debian:debian_linux:tomcat6-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-728.NASL", "href": "https://www.tenable.com/plugins/nessus/95454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-728-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95454);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"Debian DLA-728-1 : tomcat6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach\nits end-of-life exactly in one month. We strongly recommend to switch\nto another supported version such as Tomcat 7 at your earliest\nconvenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:31:12", "description": "This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1455)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/95790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1455.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95790);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1455)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in\n WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by\n changing the context.xml format to the new one\n introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://features.opensuse.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.32-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:13", "description": "This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1456.NASL", "href": "https://www.tenable.com/plugins/nessus/95791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95791);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1456)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://features.opensuse.org/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-admin-webapps-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-docs-webapp-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-el-3_0-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-embed-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-javadoc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsp-2_3-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsvc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-lib-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-servlet-3_1-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-webapps-8.0.36-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:49", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-729-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-729.NASL", "href": "https://www.tenable.com/plugins/nessus/95455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-729-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95455);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Debian DLA-729-1 : tomcat7 security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/wheezy/tomcat7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:04", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)\n\n - A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648)\n\n - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1191)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2017-5648", "CVE-2017-5664"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1191.NASL", "href": "https://www.tenable.com/plugins/nessus/103029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103029);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2017-5648\",\n \"CVE-2017-5664\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1191)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Realm implementations did not process the supplied\n password if the supplied user name did not exist. This\n made a timing attack possible to determine valid user\n names. Note that the default configuration includes the\n LockOutRealm which makes exploitation of this\n vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application\n could bypass a configured SecurityManager via a Tomcat\n utility method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was\n configured, Tomcat's system property replacement\n feature for configuration files could be used by a\n malicious web application to bypass the SecurityManager\n and read system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application\n could bypass a configured SecurityManager via\n manipulation of the configuration parameters for the\n JSP Servlet. (CVE-2016-6796)\n\n - It was discovered that it was possible for a web\n application to access any global JNDI resource whether\n an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)\n\n - A vulnerability was discovered in tomcat. When running\n an untrusted application under a SecurityManager it was\n possible, under some circumstances, for that\n application to retain references to the request or\n response objects and thereby access and/or modify\n information associated with another web\n application.(CVE-2017-5648)\n\n - A vulnerability was discovered in the error page\n mechanism in Tomcat's DefaultServlet implementation. A\n crafted HTTP request could cause undesired side\n effects, possibly including the removal or replacement\n of the custom error page.(CVE-2017-5664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1191\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c2b13b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-2\",\n \"tomcat-admin-webapps-7.0.76-2\",\n \"tomcat-el-2.2-api-7.0.76-2\",\n \"tomcat-jsp-2.2-api-7.0.76-2\",\n \"tomcat-lib-7.0.76-2\",\n \"tomcat-servlet-3.0-api-7.0.76-2\",\n \"tomcat-webapps-7.0.76-2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:36", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)\n\n - A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648)\n\n - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1192)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2017-5648", "CVE-2017-5664"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1192.NASL", "href": "https://www.tenable.com/plugins/nessus/103030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103030);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2017-5648\",\n \"CVE-2017-5664\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1192)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Realm implementations did not process the supplied\n password if the supplied user name did not exist. This\n made a timing attack possible to determine valid user\n names. Note that the default configuration includes the\n LockOutRealm which makes exploitation of this\n vulnerability harder. (CVE-2016-0762)\n\n - It was discovered that a malicious web application\n could bypass a configured SecurityManager via a Tomcat\n utility method that was accessible to web applications.\n (CVE-2016-5018)\n\n - It was discovered that when a SecurityManager was\n configured, Tomcat's system property replacement\n feature for configuration files could be used by a\n malicious web application to bypass the SecurityManager\n and read system properties that should not be visible.\n (CVE-2016-6794)\n\n - It was discovered that a malicious web application\n could bypass a configured SecurityManager via\n manipulation of the configuration parameters for the\n JSP Servlet. (CVE-2016-6796)\n\n - It was discovered that it was possible for a web\n application to access any global JNDI resource whether\n an explicit ResourceLink had been configured or not.\n (CVE-2016-6797)\n\n - A vulnerability was discovered in tomcat. When running\n an untrusted application under a SecurityManager it was\n possible, under some circumstances, for that\n application to retain references to the request or\n response objects and thereby access and/or modify\n information associated with another web\n application.(CVE-2017-5648)\n\n - A vulnerability was discovered in the error page\n mechanism in Tomcat's DefaultServlet implementation. A\n crafted HTTP request could cause undesired side\n effects, possibly including the removal or replacement\n of the custom error page.(CVE-2017-5664)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1192\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f74f127\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-2\",\n \"tomcat-admin-webapps-7.0.76-2\",\n \"tomcat-el-2.2-api-7.0.76-2\",\n \"tomcat-jsp-2.2-api-7.0.76-2\",\n \"tomcat-lib-7.0.76-2\",\n \"tomcat-servlet-3.0-api-7.0.76-2\",\n \"tomcat-webapps-7.0.76-2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:07:34", "description": "The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java"], "id": "UBUNTU_USN-4557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141092);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\"\n );\n script_bugtraq_id(\n 93939,\n 93940,\n 93942,\n 93943,\n 93944,\n 94461,\n 94463\n );\n script_xref(name:\"USN\", value:\"4557-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-4557-1 advisory.\n\n - The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user\n name did not exist. This made a timing attack possible to determine valid user names. Note that the\n default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.\n (CVE-2016-0762)\n\n - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to\n 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility\n method that was accessible to web applications. (CVE-2016-5018)\n\n - When a SecurityManager is configured, a web application's ability to read system properties should be\n controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files\n could be used by a malicious web application to bypass the SecurityManager and read system properties that\n should not be visible. (CVE-2016-6794)\n\n - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via\n manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to\n 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources\n to those resources explicitly linked to the web application. Therefore, it was possible for a web\n application to access any global JNDI resource whether an explicit ResourceLink had been configured or\n not. (CVE-2016-6797)\n\n - The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and\n 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited,\n in conjunction with a proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker\n could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other\n then their own. (CVE-2016-6816)\n\n - Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39,\n 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can\n reach JMX ports. The issue exists because this listener wasn't updated for consistency with the\n CVE-2016-3427 Oracle patch that affected credential types. (CVE-2016-8735)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libservlet2.5-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libservlet2.5-java', 'pkgver': '6.0.45+dfsg-1ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet2.5-java');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:12", "description": "USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable.\nA remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges.\n(CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3177-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3177-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96978);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-5388\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-8745\",\n \"CVE-2016-9774\",\n \"CVE-2016-9775\"\n );\n script_xref(name:\"USN\", value:\"3177-2\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security\nmanager. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Tomcat realm implementations incorrectly\nhandled passwords when a username didn't exist. A remote attacker\ncould possibly use this issue to enumerate usernames. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat\nincorrectly limited use of a certain utility method. A\nmalicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications\nfrom untrusted data in the HTTP_PROXY environment variable.\nA remote attacker could possibly use this issue to redirect\noutbound traffic to an arbitrary proxy server. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading\nsystem properties. A malicious application could possibly\nuse this to bypass Security Manager restrictions. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain\nconfiguration parameters. A malicious application could\npossibly use this to bypass Security Manager restrictions.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04\nLTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to\nglobal JNDI resources. A malicious application could use\nthis to access any global JNDI resource without an explicit\nResourceLink. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered\ncertain invalid characters from the HTTP request line. A\nremote attacker could possibly use this issue to inject data\ninto HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat\nJmxRemoteLifecycleListener did not implement a recommended\nfix. A remote attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error\nhandling in the send file code. A remote attacker could\npossibly use this issue to access information from other\nrequests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly\nhandled upgrades and removals. A local attacker could\npossibly use this issue to obtain root privileges.\n(CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/3177-2/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.10\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"tomcat6\", pkgver:\"6.0.35-1ubuntu3.10\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.52-1ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tomcat7\", pkgver:\"7.0.52-1ubuntu0.9\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java / tomcat6 / tomcat7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:36:08", "description": "It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses.\n(CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "p-cpe:/a:canonical:ubuntu_linux:tomcat8", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3177-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3177-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96720);\n script_version(\"3.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-5018\",\n \"CVE-2016-5388\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-8745\",\n \"CVE-2016-9774\",\n \"CVE-2016-9775\"\n );\n script_xref(name:\"USN\", value:\"3177-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Tomcat realm implementations incorrectly\nhandled passwords when a username didn't exist. A remote attacker\ncould possibly use this issue to enumerate usernames. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from\nuntrusted data in the HTTP_PROXY environment variable. A remote\nattacker could possibly use this issue to redirect outbound traffic to\nan arbitrary proxy server. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain\nconfiguration parameters. A malicious application could possibly use\nthis to bypass Security Manager restrictions. This issue only applied\nto Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global\nJNDI resources. A malicious application could use this to access any\nglobal JNDI resource without an explicit ResourceLink. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain\ninvalid characters from the HTTP request line. A remote attacker could\npossibly use this issue to inject data into HTTP responses.\n(CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did\nnot implement a recommended fix. A remote attacker could possibly use\nthis issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in\nthe send file code. A remote attacker could possibly use this issue to\naccess information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled\nupgrades and removals. A local attacker could possibly use this issue\nto obtain root privileges. (CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://usn.ubuntu.com/3177-1/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"tomcat6\", pkgver:\"6.0.35-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.52-1ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tomcat7\", pkgver:\"7.0.52-1ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.32-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"tomcat8\", pkgver:\"8.0.32-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.37-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"tomcat8\", pkgver:\"8.0.37-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java / libtomcat8-java / tomcat6 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:36", "description": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc"], "id": "REDHAT-RHSA-2017-0455.NASL", "href": "https://www.tenable.com/plugins/nessus/97595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0455. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97595);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-1240\",\n \"CVE-2016-3092\",\n \"CVE-2016-5018\",\n \"CVE-2016-6325\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-8745\"\n );\n script_xref(name:\"RHSA\", value:\"2017:0455\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only\nincluded in EWS 2.x and JWS 3.x source distributions. If you deploy a\nTomcat instance built from source, using the EWS 2.x, or JWS 3.x\ndistributions, an attacker could use this flaw to launch a remote code\nexecution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's\nsystem property replacement feature for configuration files could be\nused by a malicious web application to bypass the SecurityManager and\nread system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0\npackages to Red Hat Enterprise Linux 6. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:0455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-0762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-1240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-3092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-5018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-8735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-8745\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat on Ubuntu Log Init Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0455\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-runtime-1-3.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsvc-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-selinux-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsvc-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-selinux-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.36-17.ep7.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hibernate4-c3p0-eap6 / hibernate4-core-eap6 / hibernate4-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:23", "description": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)", "cvss3": {}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-0456.NASL", "href": "https://www.tenable.com/plugins/nessus/97596", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0456. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97596);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2016-0762\",\n \"CVE-2016-1240\",\n \"CVE-2016-3092\",\n \"CVE-2016-5018\",\n \"CVE-2016-6325\",\n \"CVE-2016-6794\",\n \"CVE-2016-6796\",\n \"CVE-2016-6797\",\n \"CVE-2016-6816\",\n \"CVE-2016-8735\",\n \"CVE-2016-8745\"\n );\n script_xref(name:\"RHSA\", value:\"2017:0456\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only\nincluded in EWS 2.x and JWS 3.x source distributions. If you deploy a\nTomcat instance built from source, using the EWS 2.x, or JWS 3.x\ndistributions, an attacker could use this flaw to launch a remote code\nexecution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's\nsystem property replacement feature for configuration files could be\nused by a malicious web application to bypass the SecurityManager and\nread system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-268)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:0456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-0762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-1240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-3092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-5018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-6816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-8735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-8745\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Tomcat on Ubuntu Log Init Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0456\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-runtime-1-3.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsvc-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-selinux-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsvc-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-selinux-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.36-17.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hibernate4-c3p0-eap6 / hibernate4-core-eap6 / hibernate4-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:18", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.(CVE-2014-7810)\n\n - Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.(CVE-2015-5346)\n\n - Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an 'httpoxy' issue. NOTE: the vendor states 'A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388' in other words, this is not a CVE ID for a vulnerability.(CVE-2016-5388)\n\n - It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.(CVE-2016-5425)\n\n - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.(CVE-2016-6325)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5346", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/99812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99812);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-7810\",\n \"CVE-2015-5346\",\n \"CVE-2016-5388\",\n \"CVE-2016-5425\",\n \"CVE-2016-6325\"\n );\n script_bugtraq_id(\n 74665\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The Expression Language (EL) implementation in Apache\n Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x\n before 8.0.16 does not properly consider the\n possibility of an accessible interface implemented by\n an inaccessible class, which allows attackers to bypass\n a SecurityManager protection mechanism via a web\n application that leverages use of incorrect privileges\n during EL evaluation.(CVE-2014-7810)\n\n - Session fixation vulnerability in Apache Tomcat 7.x\n before 7.0.66, 8.x before 8.0.30, and 9.x before\n 9.0.0.M2, when different session settings are used for\n deployments of multiple versions of the same web\n application, might allow remote attackers to hijack web\n sessions by leveraging use of a requestedSessionSSL\n field for an unintended request, related to\n CoyoteAdapter.java and Request.java.(CVE-2015-5346)\n\n - Apache Tomcat through 8.5.4, when the CGI Servlet is\n enabled, follows RFC 3875 section 4.1.18 and therefore\n does not protect applications from the presence of\n untrusted client data in the HTTP_PROXY environment\n variable, which might allow remote attackers to\n redirect an application's outbound HTTP traffic to an\n arbitrary proxy server via a crafted Proxy header in an\n HTTP request, aka an 'httpoxy' issue. NOTE: the vendor\n states 'A mitigation is planned for future releases of\n Tomcat, tracked as CVE-2016-5388' in other words, this\n is not a CVE ID for a vulnerability.(CVE-2016-5388)\n\n - It was discovered that the Tomcat packages installed\n configuration file /usr/lib/tmpfiles.d/tomcat.conf\n writeable to the tomcat group. A member of the group or\n a malicious web application deployed on Tomcat could\n use this flaw to escalate their\n privileges.(CVE-2016-5425)\n\n - It was discovered that the Tomcat packages installed\n certain configuration files read by the Tomcat\n initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application\n deployed on Tomcat could use this flaw to escalate\n their privileges.(CVE-2016-6325)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eeeac735\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.54-8\",\n \"tomcat-admin-webapps-7.0.54-8\",\n \"tomcat-el-2.2-api-7.0.54-8\",\n \"tomcat-jsp-2.2-api-7.0.54-8\",\n \"tomcat-lib-7.0.54-8\",\n \"tomcat-servlet-3.0-api-7.0.54-8\",\n \"tomcat-webapps-7.0.54-8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:25", "description": "Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n - It was found that the expression language resolver evaluated expressions within a privileged code section.\n A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n - It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n - A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.\n (CVE-2015-5346)", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161010) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5346", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161010_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/94005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94005);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20161010) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed\n configuration file /usr/lib/tmpfiles.d/tomcat.conf\n writeable to the tomcat group. A member of the group or\n a malicious web application deployed on Tomcat could use\n this flaw to escalate their privileges. (CVE-2016-5425)\n\n - It was discovered that the Tomcat packages installed\n certain configuration files read by the Tomcat\n initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application\n deployed on Tomcat could use this flaw to escalate their\n privileges. (CVE-2016-6325)\n\n - It was found that the expression language resolver\n evaluated expressions within a privileged code section.\n A malicious web application could use this flaw to\n bypass security manager protections. (CVE-2014-7810)\n\n - It was discovered that tomcat used the value of the\n Proxy header from HTTP requests to initialize the\n HTTP_PROXY environment variable for CGI scripts, which\n in turn was incorrectly used by certain HTTP client\n implementations to configure the proxy for outgoing HTTP\n requests. A remote attacker could possibly use this flaw\n to redirect HTTP requests performed by a CGI script to\n an attacker-controlled proxy via a malicious HTTP\n request. (CVE-2016-5388)\n\n - A session fixation flaw was found in the way Tomcat\n recycled the requestedSessionSSL field. If at least one\n web application was configured to use the SSL session ID\n as the HTTP session ID, an attacker could reuse a\n previously used session ID for further requests.\n (CVE-2015-5346)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=1735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1720d67c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.54-8.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:10", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration file / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2016:2046) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5346", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2046.NASL", "href": "https://www.tenable.com/plugins/nessus/93966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2046 and \n# CentOS Errata and Security Advisory 2016:2046 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93966);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2046\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2016:2046) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration\nfile / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A\nmember of the group or a malicious web application deployed on Tomcat\ncould use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com)\nfor reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f6eee75\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5425\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.54-8.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:58", "description": "From Red Hat Security Advisory 2016:2046 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration file / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2016-2046) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5346", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2046.NASL", "href": "https://www.tenable.com/plugins/nessus/93948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2046 and \n# Oracle Linux Security Advisory ELSA-2016-2046 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93948);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2046\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2016-2046) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2046 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration\nfile / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A\nmember of the group or a malicious web application deployed on Tomcat\ncould use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com)\nfor reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006407.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.54-8.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.54-8.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:58", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration file / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2016:2046) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7810", "CVE-2015-5346", "CVE-2016-5388", "CVE-2016-5425", "CVE-2016-6325"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2046.NASL", "href": "https://www.tenable.com/plugins/nessus/93951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2046. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93951);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2014-7810\", \"CVE-2015-5346\", \"CVE-2016-5388\", \"CVE-2016-5425\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2046\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2016:2046) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed configuration\nfile / usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A\nmember of the group or a malicious web application deployed on Tomcat\ncould use this flaw to escalate their privileges. (CVE-2016-5425)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that the expression language resolver evaluated\nexpressions within a privileged code section. A malicious web\napplication could use this flaw to bypass security manager\nprotections. (CVE-2014-7810)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was\nconfigured to use the SSL session ID as the HTTP session ID, an\nattacker could reuse a previously used session ID for further\nrequests. (CVE-2015-5346)\n\nRed Hat would like to thank Dawid Golunski (http://legalhackers.com)\nfor reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6325\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2046\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.54-8.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.54-8.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:46", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)", "cvss3": {}, "published": "2017-06-22T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2017:1550)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5018", "CVE-2016-6796", "CVE-2017-2595"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:jboss-modules", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:picketbox", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2017-1550.NASL", "href": "https://www.tenable.com/plugins/nessus/100982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1550. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100982);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-5018\", \"CVE-2016-6796\", \"CVE-2017-2595\");\n script_xref(name:\"RHSA\", value:\"2017:1550\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2017:1550)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.15, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise\nApplication 6 and 7 allows arbitrary file read to authenticated user\nvia path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-5018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-6796.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2017-2595.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2017-1550.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1550\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"hornetq-2.3.25-21.SP19_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-common-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-common-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-common-spi-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-core-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-core-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-deployers-common-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-jdbc-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-spec-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ironjacamar-validator-eap6-1.0.39-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-appclient-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-cli-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-client-all-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-clustering-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-cmp-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-connector-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-console-2.5.17-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-controller-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-controller-client-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-core-security-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-deployment-repository-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-deployment-scanner-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-domain-http-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-domain-management-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ee-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ee-deployment-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ejb3-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-embedded-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-host-controller-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jacorb-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jaxr-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jaxrs-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jdr-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jmx-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jpa-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jsf-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jsr77-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-logging-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-mail-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-management-client-content-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-messaging-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-modcluster-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-naming-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-network-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-service-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-picketlink-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-platform-mbean-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-pojo-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-process-controller-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-protocol-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-remoting-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-sar-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-security-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-server-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-system-jmx-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-threads-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-transactions-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-version-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-web-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-webservices-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-weld-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-xts-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-hal-2.5.17-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-logmanager-1.5.7-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-marshalling-1.4.10-2.SP2_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-modules-1.3.9-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-appclient-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-bundles-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-core-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-domain-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-javadocs-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-modules-eap-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-product-eap-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-standalone-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-welcome-content-eap-7.5.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossts-4.17.42-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.5.23-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jgroups-3.2.17-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"picketbox-4.1.6-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-2.3.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hornetq / ironjacamar-common-api-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:44", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)", "cvss3": {}, "published": "2018-09-04T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss EAP (RHSA-2017:1548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5018", "CVE-2016-6796", "CVE-2017-2595"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:picketbox", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:jboss-modules"], "id": "REDHAT-RHSA-2017-1548.NASL", "href": "https://www.tenable.com/plugins/nessus/112260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1548. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112260);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-5018\", \"CVE-2016-6796\", \"CVE-2017-2595\");\n script_xref(name:\"RHSA\", value:\"2017:1548\");\n\n script_name(english:\"RHEL 7 : JBoss EAP (RHSA-2017:1548)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.15, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise\nApplication 6 and 7 allows arbitrary file read to authenticated user\nvia path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\"\n );\n # https://access.redhat.com/documentation/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2595\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1548\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"hornetq-2.3.25-21.SP19_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-common-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-common-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-common-spi-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-core-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-core-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-deployers-common-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-jdbc-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-spec-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ironjacamar-validator-eap6-1.0.39-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-appclient-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cli-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-client-all-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-clustering-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cmp-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-connector-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-console-2.5.17-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-client-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-core-security-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-repository-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-scanner-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-http-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-management-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-deployment-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ejb3-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-embedded-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-host-controller-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jacorb-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxr-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxrs-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jdr-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jmx-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jpa-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsf-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsr77-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-logging-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-mail-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-management-client-content-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-messaging-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-modcluster-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-naming-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-network-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-service-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-picketlink-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-platform-mbean-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-pojo-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-process-controller-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-protocol-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-remoting-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-sar-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-security-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-server-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-system-jmx-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-threads-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-transactions-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-version-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-web-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-webservices-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-weld-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-xts-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-hal-2.5.17-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-logmanager-1.5.7-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-marshalling-1.4.10-2.SP2_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-modules-1.3.9-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-appclient-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-bundles-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-core-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-domain-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-javadocs-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-modules-eap-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-product-eap-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-standalone-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-welcome-content-eap-7.5.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossts-4.17.42-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossweb-7.5.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jgroups-3.2.17-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"picketbox-4.1.6-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"resteasy-2.3.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hornetq / ironjacamar-common-api-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:18", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.15, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)", "cvss3": {}, "published": "2017-06-22T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2017:1549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5018", "CVE-2016-6796", "CVE-2017-2595"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6", "p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jboss-logmanager", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossts", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:jgroups", "p-cpe:/a:redhat:enterprise_linux:picketbox", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:jboss-marshalling", "p-cpe:/a:redhat:enterprise_linux:jboss-modules", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone"], "id": "REDHAT-RHSA-2017-1549.NASL", "href": "https://www.tenable.com/plugins/nessus/100981", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1549. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100981);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-5018\", \"CVE-2016-6796\", \"CVE-2017-2595\");\n script_xref(name:\"RHSA\", value:\"2017:1549\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2017:1549)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.16\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.15, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise\nApplication 6 and 7 allows arbitrary file read to authenticated user\nvia path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\"\n );\n # https://access.redhat.com/documentation/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2595\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-logmanager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-marshalling\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jgroups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:picketbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1549\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"hornetq-2.3.25-21.SP19_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-common-spi-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-core-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-core-impl-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-deployers-common-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-jdbc-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-spec-api-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ironjacamar-validator-eap6-1.0.39-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-appclient-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cli-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-client-all-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-clustering-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cmp-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-connector-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-console-2.5.17-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-client-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-core-security-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-repository-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-scanner-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-http-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-management-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-deployment-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ejb3-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-embedded-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-host-controller-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jacorb-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxr-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxrs-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jdr-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jmx-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jpa-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsf-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsr77-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-logging-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-mail-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-management-client-content-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-messaging-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-modcluster-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-naming-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-network-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-configadmin-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-service-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-picketlink-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-platform-mbean-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-pojo-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-process-controller-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-protocol-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-remoting-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-sar-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-security-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-server-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-system-jmx-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-threads-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-transactions-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-version-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-web-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-webservices-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-weld-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-xts-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-hal-2.5.17-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-logmanager-1.5.7-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-marshalling-1.4.10-2.SP2_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-modules-1.3.9-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-appclient-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-bundles-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-core-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-domain-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-javadocs-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-modules-eap-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-product-eap-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-standalone-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-welcome-content-eap-7.5.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossts-4.17.42-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.5.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jgroups-3.2.17-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"picketbox-4.1.6-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-2.3.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hornetq / ironjacamar-common-api-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:20:55", "description": "An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.16.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)", "cvss3": {}, "published": "2017-06-21T00:00:00", "type": "nessus", "title": "RHEL 6 : jboss-ec2-eap (RHSA-2017:1552)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5018", "CVE-2016-6796", "CVE-2017-2595"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap", "p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-1552.NASL", "href": "https://www.tenable.com/plugins/nessus/100949", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1552. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100949);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-5018\", \"CVE-2016-6796\", \"CVE-2017-2595\");\n script_xref(name:\"RHSA\", value:\"2017:1552\");\n\n script_name(english:\"RHEL 6 : jboss-ec2-eap (RHSA-2017:1552)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for jboss-ec2-eap is now available for Red Hat JBoss\nEnterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe jboss-ec2-eap packages provide scripts for Red Hat JBoss\nEnterprise Application Platform running on the Amazon Web Services\n(AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure\ncompatibility with Red Hat JBoss Enterprise Application Platform\n6.4.16.\n\nSecurity Fix(es) :\n\n* It was found that the log file viewer in Red Hat JBoss Enterprise\nApplication 6 and 7 allows arbitrary file read to authenticated user\nvia path traversal. (CVE-2017-2595)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\"\n );\n # https://access.redhat.com/documentation/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2595\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected jboss-ec2-eap and / or jboss-ec2-eap-samples\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1552\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ec2-eap-7.5.16-1.Final_redhat_1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ec2-eap-samples-7.5.16-1.Final_redhat_1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jboss-ec2-eap / jboss-ec2-eap-samples\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:46", "description": "Paul Szabo discovered a potential privilege escalation that could be exploited in the situation envisaged in DLA-622-1. This update also addresses several regressions stemming from incomplete fixes for CVE-2015-5345, CVE-2016-5018 and CVE-2016-6797.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u8.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-753-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5345", "CVE-2016-5018", "CVE-2016-6797", "CVE-2016-9774"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-753.NASL", "href": "https://www.tenable.com/plugins/nessus/96014", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-753-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96014);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9774\");\n\n script_name(english:\"Debian DLA-753-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul Szabo discovered a potential privilege escalation that could be\nexploited in the situation envisaged in DLA-622-1. This update also\naddresses several regressions stemming from incomplete fixes for\nCVE-2015-5345, CVE-2016-5018 and CVE-2016-6797.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u8.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:27", "description": "Tomcat's CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request (known as the 'httpoxy' class of vulnerabilities).", "cvss3": {}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-722) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5388"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-722.NASL", "href": "https://www.tenable.com/plugins/nessus/92469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-722.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92469);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-5388\");\n script_xref(name:\"ALAS\", value:\"2016-722\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-722) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat's CGI support used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI\nscripts, which in turn was incorrectly used by certain HTTP client\nimplementations to configure the proxy for outgoing HTTP requests. A\nremote attacker could possibly use this flaw to redirect HTTP requests\nperformed by a CGI script to an attacker-controlled proxy via a\nmalicious HTTP request (known as the 'httpoxy' class of\nvulnerabilities).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpoxy.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-722.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update tomcat6' to update your system.\n\nRun 'yum update tomcat7' to update your system.\n\nRun 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.45-1.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.69-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.35-1.61.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.35-1.61.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-02T17:04:15", "description": "The last security update introduced a regression due to the use of StringManager in the ResourceLinkFactory class. The code was removed again since it is not strictly required to resolve CVE-2016-6797.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.0.45+dfsg-1~deb7u5.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DLA-746-2 : tomcat6 regression update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6797"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet2.4-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat6-java", "p-cpe:/a:debian:debian_linux:tomcat6", "p-cpe:/a:debian:debian_linux:tomcat6-admin", "p-cpe:/a:debian:debian_linux:tomcat6-common", "p-cpe:/a:debian:debian_linux:tomcat6-docs", "p-cpe:/a:debian:debian_linux:tomcat6-examples", "p-cpe:/a:debian:debian_linux:tomcat6-extras", "p-cpe:/a:debian:debian_linux:tomcat6-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-746.NASL", "href": "https://www.tenable.com/plugins/nessus/96007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-746-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96007);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_name(english:\"Debian DLA-746-2 : tomcat6 regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The last security update introduced a regression due to the use of\nStringManager in the ResourceLinkFactory class. The code was removed\nagain since it is not strictly required to resolve CVE-2016-6797.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.0.45+dfsg-1~deb7u5.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.45+dfsg-1~deb7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:58", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2045 and \n# CentOS Errata and Security Advisory 2016:2045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93965);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. (BZ#1357123)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f51bb064\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6325\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:24", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2045. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93950);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2016:2045) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. (BZ#1357123)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6325\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2045\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:57", "description": "From Red Hat Security Advisory 2016:2045 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/93947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2045 and \n# Oracle Linux Security Advisory ELSA-2016-2045 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93947);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n script_xref(name:\"RHSA\", value:\"2016:2045\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2045 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* It was found that several Tomcat session persistence mechanisms\ncould allow a remote, authenticated user to bypass intended\nSecurityManager restrictions and execute arbitrary code in a\nprivileged context via a web application that placed a crafted object\nin a session. (CVE-2016-0714)\n\n* It was discovered that tomcat used the value of the Proxy header\nfrom HTTP requests to initialize the HTTP_PROXY environment variable\nfor CGI scripts, which in turn was incorrectly used by certain HTTP\nclient implementations to configure the proxy for outgoing HTTP\nrequests. A remote attacker could possibly use this flaw to redirect\nHTTP requests performed by a CGI script to an attacker-controlled\nproxy via a malicious HTTP request. (CVE-2016-5388)\n\n* A directory traversal flaw was found in Tomcat's RequestUtil.java. A\nremote, authenticated user could use this flaw to bypass intended\nSecurityManager restrictions and list a parent directory via a '/..'\nin a pathname used by a web application in a getResource,\ngetResourceAsStream, or getResourcePaths call, as demonstrated by the\n$CATALINA_BASE/webapps directory. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory\neven when that directory was protected by a security constraint. A\nuser could make a request to a directory via a URL not ending with a\nslash and, depending on whether Tomcat redirected that request, could\nconfirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be\nloaded by a web application when a security manager was configured.\nThis allowed a web application to list all deployed web applications\nand expose sensitive information such as session IDs. (CVE-2016-0706)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat\nProduct Security.\n\nBug Fix(es) :\n\n* Due to a bug in the tomcat6 spec file, the catalina.out file's\nmd5sum, size, and mtime attributes were compared to the file's\nattributes at installation time. Because these attributes change after\nthe service is started, the 'rpm -V' command previously failed. With\nthis update, the attributes mentioned above are ignored in the RPM\nverification and the catalina.out file now passes the verification\ncheck. (BZ#1357123)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006408.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:10", "description": "Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n - It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)\n\n - A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nBug Fix(es) :\n\n - Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the 'rpm -V' command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check.", "cvss3": {}, "published": "2016-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5174", "CVE-2015-5345", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-5388", "CVE-2016-6325"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161010_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/94004", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94004);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5174\", \"CVE-2015-5345\", \"CVE-2016-0706\", \"CVE-2016-0714\", \"CVE-2016-5388\", \"CVE-2016-6325\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the Tomcat packages installed\n certain configuration files read by the Tomcat\n initialization script as writeable to the tomcat group.\n A member of the group or a malicious web application\n deployed on Tomcat could use this flaw to escalate their\n privileges. (CVE-2016-6325)\n\n - It was found that several Tomcat session persistence\n mechanisms could allow a remote, authenticated user to\n bypass intended SecurityManager restrictions and execute\n arbitrary code in a privileged context via a web\n application that placed a crafted object in a session.\n (CVE-2016-0714)\n\n - It was discovered that tomcat used the value of the\n Proxy header from HTTP requests to initialize the\n HTTP_PROXY environment variable for CGI scripts, which\n in turn was incorrectly used by certain HTTP client\n implementations to configure the proxy for outgoing HTTP\n requests. A remote attacker could possibly use this flaw\n to redirect HTTP requests performed by a CGI script to\n an attacker-controlled proxy via a malicious HTTP\n request. (CVE-2016-5388)\n\n - A directory traversal flaw was found in Tomcat's\n RequestUtil.java. A remote, authenticated user could use\n this flaw to bypass intended SecurityManager\n restrictions and list a parent directory via a '/..' in\n a pathname used by a web application in a getResource,\n getResourceAsStream, or getResourcePaths call, as\n demonstrated by the $CATALINA_BASE/webapps directory.\n (CVE-2015-5174)\n\n - It was found that Tomcat could reveal the presence of a\n directory even when that directory was protected by a\n security constraint. A user could make a request to a\n directory via a URL not ending with a slash and,\n depending on whether Tomcat redirected that request,\n could confirm whether that directory existed.\n (CVE-2015-5345)\n\n - It was found that Tomcat allowed the\n StatusManagerServlet to be loaded by a web application\n when a security manager was configured. This allowed a\n web application to list all deployed web applications\n and expose sensitive information such as session IDs.\n (CVE-2016-0706)\n\nBug Fix(es) :\n\n - Due to a bug in the tomcat6 spec file, the catalina.out\n file's md5sum, size, and mtime attributes were compared\n to the file's attributes at installation time. Because\n these attributes change after the service is started,\n the 'rpm -V' command previously failed. With this\n update, the attributes mentioned above are ignored in\n the RPM verification and the catalina.out file now\n passes the verification check.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=1313\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e4be176\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-98.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-98.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-06-07T16:39:17", "description": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder (CVE-2016-0762). A malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications (CVE-2016-5018). It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-5425). It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325). When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible (CVE-2016-6794). A malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet (CVE-2016-6796). The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not (CVE-2016-6797). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2016-11-04T22:29:35", "type": "mageia", "title": "Updated tomcat packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5425", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2016-11-04T22:29:35", "id": "MGASA-2016-0367", "href": "https://advisories.mageia.org/MGASA-2016-0367.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:12:47", "description": "Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue (CVE-2016-5388). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-21T20:38:22", "type": "mageia", "title": "Updated tomcat packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5388"], "modified": "2016-09-21T20:38:22", "id": "MGASA-2016-0312", "href": "https://advisories.mageia.org/MGASA-2016-0312.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-06-07T15:35:10", "description": "**Issue Overview:**\n\nIt was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\nA malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\nThe Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\nWhen a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\nA malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\nThe ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\n \n**Affected Packages:** \n\n\ntomcat6, tomcat7, tomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system. \nRun _yum update tomcat7_ to update your system. \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat6-webapps-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-servlet-2.5-api-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-jsp-2.1-api-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-javadoc-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-docs-webapp-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-el-2.1-api-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-admin-webapps-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-lib-6.0.47-1.7.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-el-2.2-api-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-admin-webapps-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-log4j-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-javadoc-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-docs-webapp-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-jsp-2.2-api-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-lib-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-webapps-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-servlet-3.0-api-7.0.72-1.21.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-el-3.0-api-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-admin-webapps-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-log4j-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-lib-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-servlet-3.1-api-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-jsp-2.3-api-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-docs-webapp-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-webapps-8.0.38-1.65.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-javadoc-8.0.38-1.65.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat6-6.0.47-1.7.amzn1.src \n \u00a0\u00a0\u00a0 tomcat7-7.0.72-1.21.amzn1.src \n \u00a0\u00a0\u00a0 tomcat8-8.0.38-1.65.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-0762](<https://access.redhat.com/security/cve/CVE-2016-0762>), [CVE-2016-5018](<https://access.redhat.com/security/cve/CVE-2016-5018>), [CVE-2016-6325](<https://access.redhat.com/security/cve/CVE-2016-6325>), [CVE-2016-6794](<https://access.redhat.com/security/cve/CVE-2016-6794>), [CVE-2016-6796](<https://access.redhat.com/security/cve/CVE-2016-6796>), [CVE-2016-6797](<https://access.redhat.com/security/cve/CVE-2016-6797>)\n\nMitre: [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>), [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>), [CVE-2016-6325](<https://vulners.com/cve/CVE-2016-6325>), [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>), [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>), [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2016-11-10T18:00:00", "type": "amazon", "title": "Important: tomcat6, tomcat7, tomcat8", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2016-11-10T18:00:00", "id": "ALAS-2016-764", "href": "https://alas.aws.amazon.com/ALAS-2016-764.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:24:27", "description": "**Issue Overview:**\n\nTomcat's CGI support used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request (known as the \"<a href=\"https://httpoxy.org/\">httpoxy</a>\" class of vulnerabilities).\n\n \n**Affected Packages:** \n\n\ntomcat6, tomcat7, tomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system. \nRun _yum update tomcat7_ to update your system. \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat6-lib-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-servlet-2.5-api-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-admin-webapps-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-webapps-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-docs-webapp-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-jsp-2.1-api-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-el-2.1-api-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-javadoc-6.0.45-1.5.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-el-2.2-api-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-admin-webapps-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-log4j-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-lib-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-javadoc-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-webapps-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-docs-webapp-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-servlet-3.0-api-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat7-jsp-2.2-api-7.0.69-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-jsp-2.3-api-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-javadoc-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-admin-webapps-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-lib-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-servlet-3.1-api-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-el-3.0-api-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-webapps-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-docs-webapp-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-log4j-8.0.35-1.61.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat8-8.0.35-1.61.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat6-6.0.45-1.5.amzn1.src \n \u00a0\u00a0\u00a0 tomcat7-7.0.69-1.17.amzn1.src \n \u00a0\u00a0\u00a0 tomcat8-8.0.35-1.61.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-5388](<https://access.redhat.com/security/cve/CVE-2016-5388>)\n\nMitre: [CVE-2016-5388](<https://vulners.com/cve/CVE-2016-5388>)\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-20T18:00:00", "type": "amazon", "title": "Medium: tomcat6, tomcat7, tomcat8", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5388"], "modified": "2016-07-20T18:00:00", "id": "ALAS-2016-722", "href": "https://alas.aws.amazon.com/ALAS-2016-722.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nThe Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 2.0, 2.0.1, 2.0.3 and 2.0.4| Cognos BI 10.1.1 \nRRDI 2.0.5 and 2.0.6| Cognos BI 10.2.1 \nRRDI 5.0, 5.0.1 and 5.0.2| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of RRDI. \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0, 2.0.0.1, 2.0.1, 2.0.3 and 2.0.4** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**RRDI 2.0.5 and 2.0.6 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n**RRDI 5.0 and 5.0.1 and 5.0.2 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0762,CVE-2016-6797)](<http://www-01.ibm.com/support/docview.wss?uid=swg21999756>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:20:07", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T05:20:07", "id": "D27D7A3FAB54F4252945DE24C1BCEB0239D87CB0DB7641EF3375DE0B604D151D", "href": "https://www.ibm.com/support/pages/node/293947", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:48:31", "description": "## Summary\n\nThe Rational Insight is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2| Cognos BI 10.1.1 \nRational Insight 1.1.1.3| Cognos BI 10.2.1 \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7| Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\n \nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 21 (Implemented by file 10.1.6306.520)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043287>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 19 (Implemented by file 10.2.5000.537)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 ** \n \n\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2016-0762,CVE-2016-6797)](<http://www-01.ibm.com/support/docview.wss?uid=swg21999756>) for addressing the listed vulnerability in the underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 18 (Implemented by file 10.2.5012.504)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043288>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T05:20:08", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T05:20:08", "id": "FCEDD547799AE384A4D749F6F180AE8594D14E825F787E185F25A3AC75A35F08", "href": "https://www.ibm.com/support/pages/node/293949", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:39:57", "description": "## Summary\n\nThere are vulnerabilities reported in Apache Tomcat v6 that is used by WebSphere Cast Iron Solution. WebSphere Cast Iron Solution has remediated the affected versions.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \n \nWebSphere Cast Iron Solution v 7.5.1.0, v 7.5.0.1, v 7.5.0.0 \nWebSphere Cast Iron Solution v 7.0.0.2, v 7.0.0.1, v 7.0.0.0 \nWebSphere Cast Iron Solution v 6.4.0.1, v 6.4.0.0 \nWebSphere Cast Iron Solution v 6.3.0.2, v 6.3.0.1, v 6.3.0.0\n\n## Remediation/Fixes\n\n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| v 7.5.1.0, \nv 7.5.0.1, \nv 7.5.0.0| LI79259| [iFix 7.5.1.0-CUMUIFIX-005](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.scrypt2,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.vcrypt2,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.32bit.sc-linux,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.sc-linux,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.32bit.sc-win,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.sc-win,7.5.1.0-WS-WCI-20161103-1049_H11_64-CUMUIFIX-005.32bit.studio,7.5.1.0-WS-WCI-20161103-1049_H11_64-CUMUIFIX-005.studio,7.5.1.0-WS-WCI-20161103-1048_H7_64-CUMUIFIX-005.docker&includeSupersedes=0>) \nCast Iron Appliance| v 7.0.0.2, \nv 7.0.0.1, \nv 7.0.0.0| LI79259| [iFix 7.0.0.2-CUMUIFIX-033](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.scrypt2,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.vcrypt2,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.32bit.sc-linux,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.32bit.sc-win7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.sc-linux,7.0.0.2-WS-WCI-20161103-1040_H8_64-CUMUIFIX-033.sc-win,7.0.0.2-WS-WCI-20161103-1041_H9_64-CUMUIFIX-033.32bit.studio,7.0.0.2-WS-WCI-20161103-1041_H9_64-CUMUIFIX-033.studio&includeSupersedes=0>) \nCast Iron Appliance| v 6.4.0.1, \nv 6.4.0.0| LI79259| [iFix 6.4.0.1-CUMUIFIX-042](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20161103-1131_H3-CUMUIFIX-042.scrypt2,6.4.0.1-WS-WCI-20161103-1131_H3-CUMUIFIX-042.vcrypt2,6.4.0.1-WS-WCI-20161103-1131_H4-CUMUIFIX-042.studio&includeSupersedes=0>) \nCast Iron Appliance| v 6.3.0.2, \nv 6.3.0.1, \nv 6.3.0.0| LI79259| [iFix 6.3.0.2-CUMUIFIX-023](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20161103-1226_H4-CUMUIFIX-023.scrypt2,6.3.0.2-WS-WCI-20161103-1226_H4-CUMUIFIX-023.vcrypt2,6.3.0.2-WS-WCI-20161103-1506_H4-CUMUIFIX-023.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-11-18T13:57:34", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2019-11-18T13:57:34", "id": "F5CDE8C22C4BBC6BB7CBF97A440438D883CD649212412738F8629A2D4E07BCFD", "href": "https://www.ibm.com/support/pages/node/559471", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T01:34:19", "description": "## Summary\n\nApache Tomcat is used by Storwize V7000 Unified. Storwize V7000 Unified has addressed the applicable CVEs. \n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:**[ _CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.5 and 1.6.0.0 to 1.6.2.0\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 and 1.6.2.1 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.5.2.6 or 1.6.2.1 or a later version, so that the fix gets applied. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-18T00:32:30", "type": "ibm", "title": "Security Bulletin: Tomcat apache vulnerability affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-18T00:32:30", "id": "FEA72A089D1755DA76737B39FD3BC90F9FC3011626C35A4FAFB48AD0A4D10189", "href": "https://www.ibm.com/support/pages/node/696969", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T17:45:52", "description": "## Summary\n\nMultiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n \n \n--- \n \n## Affected Products and Versions\n\nIBM UrbanCode Release 6.2.1.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fixes as soon as practical. Review the information below regarding the available fixes. \n\nFor affected supporting products shipped with IBM UrbanCode Release, consult the following security bulletins for vulnerability details and fixes.\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM UrbanCode Release| 6.2.1.2| [6.2.1.3](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/UrbanCode+Release&release=6.2.1.0&platform=All&function=fixId&fixids=6.2.1.3-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T22:33:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797"], "modified": "2018-06-17T22:33:29", "id": "BBD0BB9278125E79B44348E7A6E2FDFBBE0FF4AC9E9184823B714AE94FCDD740", "href": "https://www.ibm.com/support/pages/node/609287", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:56", "description": "## Summary\n\nApache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119158> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar SIEM 7.2.n\n\n## Remediation/Fixes\n\n\u2022 [_IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20170224202650&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-16T21:50:43", "type": "ibm", "title": "Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816"], "modified": "2018-06-16T21:50:43", "id": "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "href": "https://www.ibm.com/support/pages/node/292995", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:48", "description": "## Summary\n\nMultiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-8745_](<https://vulners.com/cve/CVE-2016-8745>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat 8.5.x is refactored. An attacker could exploit this vulnerability to obtain the session ID and the response body. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119642_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119642>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nTADDM 7.2.2.0 - 7.2.2.5 \nTADDM 7.3.0.0 (TADDM 7.3.0.1-3 - not affected - using WebSphere Liberty Profile) \n\n## Remediation/Fixes\n\nThere are eFixes prepared on top of the latest released FixPack for each stream: \n\n**Fix**| **VRMF**| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_TADDM73_tomcat7077_201411291020_1.zip| 7.3.0.0| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM73_tomcat7077_201411291020_1.zip>) \nefix_TADDM722_tomcat7077_FP520160209.zip| 7.2.2.5 \n| None| [_Download eFix_](<ftp://ftp.ecurep.ibm.com/fromibm/tivoli/efix_TADDM722_tomcat7077_FP520160209.zip>) \n \nPlease get familiar with eFix readme in etc/<efix_name>_readme.txt \nNote that the eFix requires manual deletion of the external/apache-tomcat directory. \n\n## Workarounds and Mitigations\n\nThe solution is to upgrade TADDM to use Tomcat version 7.0.77 \n \neFixes are prepared on top of the latest FixPack release, but if there were any custom changes made in a previous version of Apache Tomcat, please reapply them after the upgrade is finished.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-17T15:39:42", "type": "ibm", "title": "Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8745"], "modified": "2018-06-17T15:39:42", "id": "6B0A5599577E8CC081B38DC85FFC053A3E597118CD8108314778BA17EC91A265", "href": "https://www.ibm.com/support/pages/node/559615", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:26", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities. \n \nIBM Cognos Business Intelligence has addressed a vulnerability where sensitive information can be revealed in its logs files. \n \nThere is a vulnerabilitiy in IBM\u00ae WebSphere Application Server Liberty. Liberty is used by IBM Cognos Business Intelligence version 10.2.2. This issue was disclosed as part of the IBM WebSphere Application Server Liberty updates. \n \nIBM Cognos Business Intelligence has addressed several Apache Tomcat vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9985_](<https://vulners.com/cve/CVE-2016-9985>)** \nDESCRIPTION:** IBM Cognos Server stores highly sensitive information in log files that could be read by a local user. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120391_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120391>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** ** \n**CVEID:** [_CVE-2016-5983_](<https://vulners.com/cve/CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2016-5388_](<https://vulners.com/cve/CVE-2016-5388>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the \"HTTPOXY\" vulnerability. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115091_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115091>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Cognos Business Intelligence Server 10.2.2 \nIBM Cognos Business Intelligence Server 10.2.1.1 \nIBM Cognos Business Intelligence Server 10.2.1 \nIBM Cognos Business Intelligence Server 10.2 \nIBM Cognos Business Intelligence Server 10.1.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \n10.1.1: [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042359>)[_http://www.ibm.com/support/docview.wss?uid=swg24043287_](<http://www.ibm.com/support/docview.wss?uid=swg24043287>) \n10.2.0: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.1: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.1.1: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>) \n10.2.2: [_http://www.ibm.com/support/docview.wss?uid=swg24043288_](<http://www.ibm.com/support/docview.wss?uid=swg24043288>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:17:50", "type": "ibm", "title": "Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-5983", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9985"], "modified": "2018-06-15T23:17:50", "id": "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "href": "https://www.ibm.com/support/pages/node/293269", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T05:37:16", "description": "## Summary\n\nMultiple Apache Tomcat vulnerabilities affect IBM SONAS.\n\n## Vulnerability Details\n\nThis bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product\u2019s management GUI. The CLI interface is unaffected. \n \n**CVEID:** [_CVE-2016-0762_](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118407_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118407>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-5018_](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118406_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118406>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6794_](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118405_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118405>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6796_](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118404_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118404>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2016-6797_](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118403_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118403>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-6817_](<https://vulners.com/cve/CVE-2016-6817>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted HTTP/2 header, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM SONAS \n \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.5. \n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.6 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.6 or a later version, so that the fix gets applied. \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## Workarounds and Mitigations\n\nWorkaround(s): None \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T00:32:14", "type": "ibm", "title": "Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2018-06-18T00:32:14", "id": "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "href": "https://www.ibm.com/support/pages/node/696923", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:24", "description": "## Summary\n\nIBM OpenPages GRC Platform has addressed potential security exposure due to multiple vulnerabilities in Apache Tomcat.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-6056_](<https://vulners.com/cve/CVE-2017-6056>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a programming error in the servlet and JSP engine. A remote attacker could exploit this vulnerability to cause the server to enter into an infinite loop. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/122312_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/122312>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVE-ID**: [CVE-2017-5647](<https://vulners.com/cve/CVE-2017-5647>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An attacker could exploit this vulnerability to obtain sensitive information from the wrong response. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124400_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124400>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [_CVE-2016-6816_](<https://vulners.com/cve/CVE-2016-6816>)** \nDESCRIPTION:** Apache Tomcat is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2016-8735_](<https://vulners.com/cve/CVE-2016-8735>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an error in the JmxRemoteLifecycleListener. By sending specially crafted data to a JMX port, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119157_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119157>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n \n \n**CVEID:** [CVE-2016-0762](<https://vulners.com/cve/CVE-2016-0762>)** \nDESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to process the user supplied password if the specified user name does not exist by the Realm implementation. An attacker could exploit this vulnerability to conduct a timing attack and determine valid usernames on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118407> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2016-5018](<https://vulners.com/cve/CVE-2016-5018>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability using a Tomcat utility method to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118406> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6794](<https://vulners.com/cve/CVE-2016-6794>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to obtain sensitive information, caused by an error in the system property replacement feature. An attacker could exploit this vulnerability to bypass the SecurityManager and read system properties. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118405> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-6796](<https://vulners.com/cve/CVE-2016-6796>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to bypass security restrictions. By modifying configuration parameters for the JSP Servlet, an attacker could exploit this vulnerability to bypass a configured SecurityManager. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118404> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2016-6797](<https://vulners.com/cve/CVE-2016-6797>)** \nDESCRIPTION:** Apache Tomcat could allow a local attacker to gain unauthorized access to the system, caused by an error in the ResourceLinkFactory. An attacker could exploit this vulnerability to gain access to arbitrary global JNDI resources. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n\n\n## Affected Products and Versions\n\nIBM OpenPages GRC Platform version 7.1\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: \n \n\n\n**Fix**| **Download URL** \n---|--- \nFor OpenPages GRC Platform **7.1.0 through 7.1.0.3 ** \n\\- Apply 7.1 Fix Pack 4 (7.1.0.4) or later| [_http://www.ibm.com/support/docview.wss?uid=swg24043897_](<http://www.ibm.com/support/docview.wss?uid=swg24043897>) \n \nFor OpenPages GRC Platform v7.0.x customers, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \n\n\n## Workarounds and Mitigations\n\nNone known, apply fixes.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-15T23:48:06", "type": "ibm", "title": "Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2017-5647", "CVE-2017-6056"], "modified": "2018-06-15T23:48:06", "id": "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "href": "https://www.ibm.com/support/pages/node/296623", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by IBM C

Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy)

Description

Related