Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2007-241.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
17
JSON

A number of vulnerabilities were found in Tomcat :

A directory traversal vulnerability, when using certain proxy modules, allows a remote attacker to read arbitrary files via a … (dot dot) sequence with various slash, backslash, or url-encoded backslash characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files allow remote attackers to inject arbitrary web script or HTML (CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the ’ character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:241. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(38147);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-0450", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461");
  script_xref(name:"MDKSA", value:"2007:241");

  script_name(english:"Mandrake Linux Security Advisory : tomcat5 (MDKSA-2007:241)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities were found in Tomcat :

A directory traversal vulnerability, when using certain proxy modules,
allows a remote attacker to read arbitrary files via a .. (dot dot)
sequence with various slash, backslash, or url-encoded backslash
characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).

Multiple cross-site scripting vulnerabilities in certain JSP files
allow remote attackers to inject arbitrary web script or HTML
(CVE-2007-2449).

Multiple cross-site scripting vulnerabilities in the Manager and Host
Manager web applications allow remote authenticated users to inject
arbitrary web script or HTML (CVE-2007-2450).

Tomcat treated single quotes as delimiters in cookies, which could
cause sensitive information such as session IDs to be leaked and allow
remote attackers to conduct session hijacking attacks (CVE-2007-3382).

Tomcat did not properly handle the ' character sequence in a cookie
value, which could cause sensitive information such as session IDs to
be leaked and allow remote attackers to conduct session hijacking
attacks (CVE-2007-3385).

A cross-site scripting vulnerability in the Host Manager servlet
allowed remote attackers to inject arbitrary HTML and web script via
crafted attacks (CVE-2007-3386).

Finally, an absolute path traversal vulnerability, under certain
configurations, allows remote authenticated users to read arbitrary
files via a WebDAV write request that specifies an entity with a
SYSTEM tag (CVE-2007-5461).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cwe_id(22, 79, 200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-common-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-server-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.0", reference:"tomcat5-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxtomcat5p-cpe:/a:mandriva:linux:tomcat5
mandrivalinuxtomcat5-admin-webappsp-cpe:/a:mandriva:linux:tomcat5-admin-webapps
mandrivalinuxtomcat5-common-libp-cpe:/a:mandriva:linux:tomcat5-common-lib
mandrivalinuxtomcat5-jasperp-cpe:/a:mandriva:linux:tomcat5-jasper
mandrivalinuxtomcat5-jasper-javadocp-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc
mandrivalinuxtomcat5-jsp-2.0-apip-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api
mandrivalinuxtomcat5-jsp-2.0-api-javadocp-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc
mandrivalinuxtomcat5-server-libp-cpe:/a:mandriva:linux:tomcat5-server-lib
mandrivalinuxtomcat5-servlet-2.4-apip-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api
mandrivalinuxtomcat5-servlet-2.4-api-javadocp-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc
Rows per page:
1-10 of 131

Related

openvas 39
tomcat 8
nessus 43
fedora 5
redhat 7
altlinux 1
centos 3
osv 10
debian 3
oraclelinux 3
seebug 4
veracode 8
securityvulns 10
atlassian 2
jvn 4
ubuntucve 10
exploitpack 1
packetstorm 3
prion 10
cve 10
github 7
cert 1
checkpoint_advisories 2
gentoo 1
exploitdb 1
redhatcve 1
hackerone 1
debiancve 1
openvas
openvas
Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
2009-04-09 00:00:00
Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)
2009-04-09 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3474
2009-02-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
nessus
nessus
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
2010-12-07 00:00:00
Apache Tomcat < 6.0.14 Multiple Vulnerabilities
2019-01-11 00:00:00
Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)
2007-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
redhat
redhat
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2007-07-22 15:57:46
tomcat5 security update
2008-03-19 00:04:06
osv
osv
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-20 15:17:40
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
Moderate: tomcat security update
2007-07-17 00:00:00
Moderate: tomcat security update
2008-03-11 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Information Disclosure
2019-03-25 08:40:44
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability
2007-06-15 00:00:00
JVN#07100457 Apache Tomcat cross-site scripting vulnerability
2007-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
CVE-2007-3385
2007-08-14 00:00:00
CVE-2007-3382
2007-08-14 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
CVE-2007-2449.txt
2007-06-15 00:00:00
SA-20070314-0.txt
2007-03-20 00:00:00
prion
prion
Cross site scripting
2007-08-14 22:17:00
Design/Logic Flaw
2007-08-14 22:17:00
Session fixation
2007-08-14 22:17:00
cve
cve
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-5461
2007-10-15 18:17:00
CVE-2007-3385
2007-08-14 22:17:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
Apache Tomcat Directory Traversal
2022-05-01 17:44:16
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
gentoo
gentoo
Tomcat: Information disclosure
2007-05-01 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhatcve
redhatcve
CVE-2007-5731
2019-10-04 21:11:49
hackerone
hackerone
Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
2019-02-27 10:58:19
debiancve
debiancve
CVE-2007-1860
2007-05-25 18:30:00
JSON
Related for MANDRAKE_MDKSA-2007-241.NASL
openvas39tomcat8nessus43fedora5redhat7altlinux1centos3osv10debian3oraclelinux3seebug4veracode8securityvulns10atlassian2jvn4ubuntucve10exploitpack1packetstorm3prion10cve10github7cert1checkpoint_advisories2gentoo1exploitdb1redhatcve1hackerone1debiancve1