MiracleLinux 4 : tomcat6-6.0.24-52.AXS4 (AXSA:2013-279:02)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 Tomcat6 6.0.24-52.AXS4 is affected by multiple vulnerabilities per advisory.

Reporter	Title	Published	Views	Family All 489
FreeBSD	tomcat -- denial of service	4 Dec 201200:00	–	freebsd
FreeBSD	tomcat -- bypass of security constraints	4 Dec 201200:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service	26 Nov 201200:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/3912
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-279:02.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289779);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/09");

  script_cve_id(
    "CVE-2012-3546",
    "CVE-2012-4534",
    "CVE-2012-5885",
    "CVE-2012-5886",
    "CVE-2012-5887"
  );

  script_name(english:"MiracleLinux 4 : tomcat6-6.0.24-52.AXS4 (AXSA:2013-279:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-279:02 advisory.

    Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet
    and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by
    Sun under the Java Community Process.
    Tomcat is developed in an open and participatory environment and released under the Apache Software
    License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around
    the world.
    Security issues fixed with this release:
     CVE-2012-3546
    org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when
    FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a
    previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
     CVE-2012-4534
    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when
    the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a
    denial of service (infinite loop) by terminating the connection during the reading of a response.
     CVE-2012-5885
    The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache
    Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)
    values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for
    remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a
    different vulnerability than CVE-2011-1184.
     CVE-2012-5886
    The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before
    6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state,
    which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
     CVE-2012-5887
    The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before
    6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with
    enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access
    restrictions by sniffing the network for valid requests.
    Fixed bugs:
     Due to a mistake in the spec file, Apache Tomcat initscripts were located in the /etc/init.d directory.
    They should be located in the /etc/rc.d/init.d directory. This has been fixed by updatign the spec file.
     When a web application used its own class loader, the Tomcat WebappClassLoader could end up in a deadlock
    when compiling JSPs because of a synchronization bug. This has been fixed.
     When changing the TOMCAT_USER in the /etc/tomcat6/tomcat6.conf file to a user whose UID differed from the
    user GID, the status returned an incorrect tomcat6 status. This has been fixed.
     Tomcat returned a message that the resource was not available when trying to import a non-existing page
    with JavaScript fragments in the URL parameters. Tomcat now supports HTML filtering and instead reports
    that the resource is missing.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3912");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5887");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat6-el-2.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat6-jsp-2.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat6-servlet-2.5-api");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'tomcat6-6.0.24-52.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat6-el-2.1-api-6.0.24-52.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat6-jsp-2.1-api-6.0.24-52.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat6-lib-6.0.24-52.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat6-servlet-2.5-api-6.0.24-52.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat6 / tomcat6-el-2.1-api / tomcat6-jsp-2.1-api / tomcat6-lib / etc');
}

09 Feb 2026 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25

EPSS0.2277