Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.OPENSUSE-2012-129.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : tomcat6 (openSUSE-2012-129)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
20
JSON

Tomcat was vulnerable to a hash collision attack which allowed remote attackers to mount DoS attacks.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-129.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74554);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-3375", "CVE-2011-4858");

  script_name(english:"openSUSE Security Update : tomcat6 (openSUSE-2012-129)");
  script_summary(english:"Check for the openSUSE-2012-129 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Tomcat was vulnerable to a hash collision attack which allowed remote
attackers to mount DoS attacks."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=712784"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=727543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=743055"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tomcat6 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtcnative-1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtcnative-1-0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"libtcnative-1-0-1.3.3-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libtcnative-1-0-debuginfo-1.3.3-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libtcnative-1-0-debugsource-1.3.3-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"libtcnative-1-0-devel-1.3.3-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-admin-webapps-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-docs-webapp-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-el-1_0-api-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-javadoc-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-jsp-2_1-api-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-lib-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-servlet-2_5-api-6.0.33-3.4.2") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"tomcat6-webapps-6.0.33-3.4.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtcnative-1-0 / libtcnative-1-0-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibtcnative-1-0p-cpe:/a:novell:opensuse:libtcnative-1-0
novellopensuselibtcnative-1-0-debuginfop-cpe:/a:novell:opensuse:libtcnative-1-0-debuginfo
novellopensuselibtcnative-1-0-debugsourcep-cpe:/a:novell:opensuse:libtcnative-1-0-debugsource
novellopensuselibtcnative-1-0-develp-cpe:/a:novell:opensuse:libtcnative-1-0-devel
novellopensusetomcat6p-cpe:/a:novell:opensuse:tomcat6
novellopensusetomcat6-admin-webappsp-cpe:/a:novell:opensuse:tomcat6-admin-webapps
novellopensusetomcat6-docs-webappp-cpe:/a:novell:opensuse:tomcat6-docs-webapp
novellopensusetomcat6-el-1_0-apip-cpe:/a:novell:opensuse:tomcat6-el-1_0-api
novellopensusetomcat6-javadocp-cpe:/a:novell:opensuse:tomcat6-javadoc
novellopensusetomcat6-jsp-2_1-apip-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api
Rows per page:
1-10 of 141

Related

openvas 28
nessus 31
ubuntu 1
osv 4
debiancve 3
checkpoint_advisories 1
prion 3
github 3
cve 4
seebug 3
ubuntucve 3
securityvulns 6
centos 2
redhat 10
cvelist 1
oraclelinux 2
tomcat 2
ibm 7
debian 1
exploitpack 1
exploitdb 1
vmware 2
gentoo 1
openvas
openvas
Ubuntu Update for tomcat6 USN-1359-1
2012-02-21 00:00:00
Ubuntu: Security Advisory (USN-1359-1)
2012-02-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0144-1)
2021-06-09 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)
2012-02-14 00:00:00
Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities
2012-02-22 00:00:00
Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
2011-12-12 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2012-02-13 00:00:00
osv
osv
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
2022-05-17 05:33:28
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
debiancve
debiancve
CVE-2011-4858
2012-01-05 19:55:00
CVE-2011-3375
2012-01-19 04:01:00
CVE-2012-0022
2012-01-19 04:01:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)
2014-04-16 00:00:00
prion
prion
Code injection
2012-01-05 19:55:00
Design/Logic Flaw
2012-01-19 04:01:00
Design/Logic Flaw
2012-01-19 04:01:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
2022-05-17 05:33:28
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
cve
cve
CVE-2011-4858
2012-01-05 19:55:00
CVE-2011-3375
2012-01-19 04:01:00
CVE-2012-0022
2012-01-19 04:01:00
seebug
seebug
Apache Tomcat Request Information Disclosure
2012-01-18 00:00:00
Apache Tomcat่ฏทๆฑ‚ๅฏน่ฑกๅฎ‰ๅ…จ้™ๅˆถ็ป•่ฟ‡ๆผๆดž
2012-02-04 00:00:00
PHP Hash Table Collision Proof Of Concept
2014-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2011-3375
2012-01-18 00:00:00
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-4858
2012-01-05 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
2012-01-20 00:00:00
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service &#40;DoS&#41;, Unauthorized Access, Execution of Arbitrary Code
2013-07-29 00:00:00
centos
centos
tomcat6 security update
2012-04-11 20:13:41
tomcat5 security update
2012-04-11 19:16:37
redhat
redhat
(RHSA-2012:0474) Moderate: tomcat5 security update
2012-04-11 00:00:00
(RHSA-2012:0475) Moderate: tomcat6 security update
2012-04-11 00:00:00
(RHSA-2012:0681) Moderate: tomcat6 security and bug fix update
2012-05-21 16:31:40
cvelist
cvelist
CVE-2012-0022
2012-01-19 02:00:00
oraclelinux
oraclelinux
tomcat6 security update
2012-04-11 00:00:00
tomcat5 security update
2012-04-11 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.22
2011-10-01 00:00:00
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
ibm
ibm
Security Bulletin: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
2022-09-26 03:29:56
Security Bulletin: Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-25 21:06:56
Security Bulletin: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-26 22:21:32
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:48:08
exploitpack
exploitpack
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
exploitdb
exploitdb
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
vmware
vmware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
JSON
Related for OPENSUSE-2012-129.NASL
openvas28nessus31ubuntu1osv4debiancve3checkpoint_advisories1prion3github3cve4seebug3ubuntucve3securityvulns6centos2redhat10cvelist1oraclelinux2tomcat2ibm7debian1exploitpack1exploitdb1vmware2gentoo1