Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2008-188.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)

2009-04-2300:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

A number of vulnerabilities have been discovered in the Apache Tomcat server :

The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342).

A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).

A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).

A traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially crafted request parameter to access protected web resources (CVE-2008-2370).

A traversal vulnerability was found when the ‘allowLinking’ and ‘URIencoding’ settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2008:188. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36926);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-5342", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938");
  script_xref(name:"MDVSA", value:"2008:188");

  script_name(english:"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities have been discovered in the Apache Tomcat
server :

The default catalina.policy in the JULI logging component did not
restrict certain permissions for web applications which could allow a
remote attacker to modify logging configuration options and overwrite
arbitrary files (CVE-2007-5342).

A cross-site scripting vulnerability was found in the
HttpServletResponse.sendError() method which could allow a remote
attacker to inject arbitrary web script or HTML via forged HTTP
headers (CVE-2008-1232).

A cross-site scripting vulnerability was found in the host manager
application that could allow a remote attacker to inject arbitrary web
script or HTML via the hostname parameter (CVE-2008-1947).

A traversal vulnerability was found when using a RequestDispatcher in
combination with a servlet or JSP that could allow a remote attacker
to utilize a specially crafted request parameter to access protected
web resources (CVE-2008-2370).

A traversal vulnerability was found when the 'allowLinking' and
'URIencoding' settings were actived which could allow a remote
attacker to use a UTF-8-encoded request to extend their privileges and
obtain local files accessible to the Tomcat process (CVE-2008-2938).

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(22, 79, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-common-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-server-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tomcat5-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2008.1", reference:"tomcat5-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.1", reference:"tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxtomcat5p-cpe:/a:mandriva:linux:tomcat5
mandrivalinuxtomcat5-admin-webappsp-cpe:/a:mandriva:linux:tomcat5-admin-webapps
mandrivalinuxtomcat5-common-libp-cpe:/a:mandriva:linux:tomcat5-common-lib
mandrivalinuxtomcat5-jasperp-cpe:/a:mandriva:linux:tomcat5-jasper
mandrivalinuxtomcat5-jasper-eclipsep-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse
mandrivalinuxtomcat5-jasper-javadocp-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc
mandrivalinuxtomcat5-jsp-2.0-apip-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api
mandrivalinuxtomcat5-jsp-2.0-api-javadocp-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc
mandrivalinuxtomcat5-server-libp-cpe:/a:mandriva:linux:tomcat5-server-lib
mandrivalinuxtomcat5-servlet-2.4-apip-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api
Rows per page:
1-10 of 141

Related

openvas 42
nessus 42
redhat 8
centos 2
oraclelinux 2
fedora 5
tomcat 5
vmware 4
securityvulns 17
ubuntucve 5
cve 6
osv 8
prion 6
github 6
atlassian 2
veracode 5
seebug 9
f5 7
packetstorm 5
debian 2
dsquare 1
exploitpack 2
cert 1
checkpoint_advisories 2
d2 1
exploitdb 2
gentoo 1
ibm 1
openvas
openvas
Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)
2009-04-09 00:00:00
Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)
2009-04-09 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
nessus
nessus
Scientific Linux Security Update : tomcat on SL5.x i386/x86_64
2012-08-01 00:00:00
Fedora 9 : tomcat6-6.0.18-1.1.fc9 (2008-7977)
2008-09-12 00:00:00
Fedora 9 : tomcat5-5.5.27-0jpp.2.fc9 (2008-8113)
2008-09-17 00:00:00
redhat
redhat
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0862) Important: tomcat security update
2008-10-02 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
tomcat5 security update
2008-03-19 00:04:06
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
Moderate: tomcat security update
2008-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
tomcat
tomcat
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
[CVE-2007-5342] Apache Tomcat's default security policy is too open
2007-12-26 00:00:00
Apache Tomcat weak default permissions
2007-12-26 00:00:00
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
CVE-2007-5342
2007-12-27 00:00:00
CVE-2008-1232
2008-08-04 00:00:00
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
CVE-2007-5342
2007-12-27 22:46:00
CVE-2008-1947
2008-06-04 19:32:00
osv
osv
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:37:49
prion
prion
Directory traversal
2008-08-13 00:41:00
Design/Logic Flaw
2007-12-27 22:46:00
Cross site scripting
2008-08-04 01:41:00
github
github
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
Apache Tomcat Cross-site scripting (XSS) vulnerability
2022-05-01 23:45:13
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
veracode
veracode
Restriction Bypass
2019-03-25 08:40:44
Cross-site Scripting (XSS)
2018-11-09 07:06:07
Directory Traversal
2018-11-09 07:23:15
seebug
seebug
Apache Tomcat JULI日志组件默认安全策略漏洞
2007-12-26 00:00:00
Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞
2008-08-04 00:00:00
Apache Tomcat主机管理器跨站脚本漏洞
2008-06-05 00:00:00
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
K9109 : Apache Tomcat cross-site scripting vulnerability CVE-2008-1947
2013-03-19 00:00:00
SOL9108 - Apache Tomcat Cross-site scripting (XSS) vulnerability - CVE-2008-1232
2008-09-01 00:00:00
packetstorm
packetstorm
CVE-2008-1947.txt
2008-06-03 00:00:00
tomcat-traverse.txt
2008-08-13 00:00:00
Oracle Containers For Java Traversal
2009-01-21 00:00:00
debian
debian
[SECURITY] [DSA 1593-1] New tomcat5.5 packages cross-site scripting
2008-06-09 19:38:32
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
dsquare
dsquare
Apache Tomcat File Disclosure
2012-02-01 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
cert
cert
Apache Tomcat UTF8 Directory Traversal Vulnerability
2008-08-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability
2008-08-19 00:00:00
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_UTF8
2008-08-13 00:41:00
exploitdb
exploitdb
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22
JSON
Related for MANDRIVA_MDVSA-2008-188.NASL
openvas42nessus42redhat8centos2oraclelinux2fedora5tomcat5vmware4securityvulns17ubuntucve5cve6osv8prion6github6atlassian2veracode5seebug9f57packetstorm5debian2dsquare1exploitpack2cert1checkpoint_advisories2d21exploitdb2gentoo1ibm1