| Reporter | Title | Published | Views | Family All 1411 |
|---|---|---|---|---|
| SUSE-SU-2025:02013-1 Security update for pam | 18 Jun 202518:05 | – | osv | |
| SUSE-SU-2025:02159-1 Security update for apache-commons-fileupload | 27 Jun 202514:56 | – | osv | |
| SUSE-SU-2025:02184-1 Security update for jakarta-commons-fileupload | 1 Jul 202508:14 | – | osv | |
| SUSE-SU-2025:02214-1 Security update for tomcat | 3 Jul 202508:04 | – | osv | |
| SUSE-SU-2025:02261-1 Security update for tomcat10 | 9 Jul 202517:40 | – | osv | |
| SUSE-SU-2025:02280-1 Security update for tomcat | 10 Jul 202516:04 | – | osv | |
| SUSE-SU-2025:02745-1 Security update for tomcat | 11 Aug 202506:20 | – | osv | |
| SUSE-SU-2025:02978-1 Security update for tomcat10 | 25 Aug 202513:45 | – | osv | |
| SUSE-SU-2025:02979-1 Security update for tomcat11 | 25 Aug 202513:46 | – | osv | |
| SUSE-SU-2025:03024-1 Security update for tomcat | 29 Aug 202512:40 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(278724);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/02");
script_cve_id(
"CVE-2025-6020",
"CVE-2025-8941",
"CVE-2025-31650",
"CVE-2025-31651",
"CVE-2025-48976",
"CVE-2025-48988",
"CVE-2025-49124",
"CVE-2025-49125",
"CVE-2025-52434",
"CVE-2025-52520",
"CVE-2025-53506"
);
script_name(english:"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.10)");
script_set_attribute(attribute:"synopsis", value:
"The Nutanix AOS host is affected by multiple vulnerabilities .");
script_set_attribute(attribute:"description", value:
"The version of AOS installed on the remote host is prior to 7.0.1.10. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AOS-7.0.1.10 advisory.
- Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset
of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some
rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could
be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through
10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created
but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users
are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. (CVE-2025-31651)
- Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in
Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from
2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the
issue. (CVE-2025-48976)
- Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects
Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through
9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected:
8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to
version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-48988)
- Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the
Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache
Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. The
following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through
8.5.100 and 7.0.95 through 7.0.109. Other EOL versions may also be affected. Users are recommended to
upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-49124)
- Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using
PreResources or PostResources mounted other than at the root of the web application, it was possible to
access those resources via an unexpected path. That path was likely not to be protected by the same
security constraints as the expected path, allowing those security constraints to be bypassed. This issue
affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1
through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be
affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to
upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-49125)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-7.0.1.10
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77beae81");
script_set_attribute(attribute:"solution", value:
"Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism
Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product
Interoperability page on the Nutanix portal.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-31651");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-52434");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/08");
script_set_attribute(attribute:"patch_publication_date", value:"2025/12/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:aos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nutanix_collect.nasl");
script_require_keys("Host/Nutanix/Data/lts", "Host/Nutanix/Data/Service", "Host/Nutanix/Data/Version", "Host/Nutanix/Data/arch");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::nutanix::get_app_info();
var constraints = [
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.0.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.11', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.0.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.8', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.9', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.0.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.7.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.8.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '6.10.1.11', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.0.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.8', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' },
{ 'fixed_version' : '7.0.1.10', 'equal' : '7.0.1.9', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 7.0.1.10 or higher.' }
];
vcf::nutanix::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation