MiracleLinux 3 : tomcat5-5.5.23-0jpp.38.0.1.AXS3 (AXSA:2013-370:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 3 Tomcat update fixes CVE-2012-3546, CVE-2012-5885, CVE-2012-5886.

Reporter	Title	Published	Views	Family All 464
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Rational Collaborative Lifecycle Management 4.0.1 (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.12 Multiple Vulnerabilities	7 Apr 201100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : tomcat6 (ALAS-2011-25)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : tomcat6 (CESA-2011:1780)	23 Dec 201100:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/4018
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-370:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(290018);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2012-3546",
    "CVE-2012-5885",
    "CVE-2012-5886",
    "CVE-2012-5887"
  );

  script_name(english:"MiracleLinux 3 : tomcat5-5.5.23-0jpp.38.0.1.AXS3 (AXSA:2013-370:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-370:01 advisory.

    Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet
    and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by
    Sun under the Java Community Process.
    Tomcat is developed in an open and participatory environment and released under the Apache Software
    License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
    We invite you to participate in this open development project. To learn more about getting involved, click
    here.
    Security issues fixed with this release:
    CVE-2012-3546
    org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when
    FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a
    previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
    CVE-2012-5885
    The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache
    Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce)
    values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for
    remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a
    different vulnerability than CVE-2011-1184.
    CVE-2012-5886
    The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before
    6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state,
    which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
    CVE-2012-5887
    The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before
    6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with
    enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access
    restrictions by sniffing the network for valid requests.
    Fixed bugs:
     The RELINK script is now called only if required bu the user: this solves some potential data loss
    windows when a problem occured duting Tomcat start if the RELINK script was running.
     Previously, the tomcat server would remove the single- or double-quotes from cookie names but the then
    the cookie values would be empty when passed to a servlet. This has been fixed.
     The OPTION request did not return the TRACE method as an allowed method and incorrectly reported TRACE as
    an allowed method. This has been fixed.
     Previously, Tomcat crashed with a NullPointerException if the context.xml file did not specify the
    docBase property. This situation is now handled and the path name to the context is used as
    docBase.Reminder: when deploying a context, the docBase attribute is mandatory.
     On IBM S/390 and 64-bit PowerPC systems, the Tomcat Administration Tool crashed and accessing failed with
    HTTP 404 because the JSP pre-compilation was disabled. JSP is now pre-compiled to prevent compilation at
    runtime and the Tomcat Administration Tool is accessible.
     tomcat reported a NullPointerException when a context was deployed with a web application and the
    etc/localhost/[webapp].xml file existed; this has been fixed.
     Added the missing tomcat-juli.jar library in Tomcat which prevented java.util.logging from working.
     The /etc/init.d/tomcat5 script returned an incorrect exit status when stopped. This has been fixed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4018");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5887");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-common-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-jasper-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-jsp-2.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-jsp-2.0-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-server-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-servlet-2.4-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-servlet-2.4-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tomcat5-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'tomcat5-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-admin-webapps-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-common-lib-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-jasper-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-jasper-javadoc-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-jsp-2.0-api-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-server-lib-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-servlet-2.4-api-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tomcat5-webapps-5.5.23-0jpp.38.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc');
}

16 Jan 2026 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25

EPSS0.02237