Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-384.NASL
HistoryMar 24, 2016 - 12:00 a.m.

openSUSE Security Update : tomcat (openSUSE-2016-384)

2016-03-2400:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
23
JSON

This update for tomcat fixes the following issues :

Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues.

Fixed security issues :

  • CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /…
    (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (bsc#967967)

  • CVE-2015-5346: Session fixation vulnerability in Apache Tomcat when different session settings are used for deployments of multiple versions of the same web application, might have allowed remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
    (bsc#967814)

  • CVE-2015-5345: The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, which allowed remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. (bsc#967965)

  • CVE-2015-5351: The (1) Manager and (2) Host Manager applications in Apache Tomcat established sessions and send CSRF tokens for arbitrary new requests, which allowed remote attackers to bypass a CSRF protection mechanism by using a token. (bsc#967812)

  • CVE-2016-0706: Apache Tomcat did not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. (bsc#967815)

  • CVE-2016-0714: The session-persistence implementation in Apache Tomcat mishandled session attributes, which allowed remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. (bsc#967964)

  • CVE-2016-0763: The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat did not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allowed remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
    (bsc#967966)

The full changes can be read on:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

This update was imported from the SUSE:SLE-12-SP1:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-384.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(90136);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346", "CVE-2015-5351", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763");

  script_name(english:"openSUSE Security Update : tomcat (openSUSE-2016-384)");
  script_summary(english:"Check for the openSUSE-2016-384 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for tomcat fixes the following issues :

Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security
issues.

Fixed security issues :

  - CVE-2015-5174: Directory traversal vulnerability in
    RequestUtil.java in Apache Tomcat allowed remote
    authenticated users to bypass intended SecurityManager
    restrictions and list a parent directory via a /..
    (slash dot dot) in a pathname used by a web application
    in a getResource, getResourceAsStream, or
    getResourcePaths call, as demonstrated by the
    $CATALINA_BASE/webapps directory. (bsc#967967)

  - CVE-2015-5346: Session fixation vulnerability in Apache
    Tomcat when different session settings are used for
    deployments of multiple versions of the same web
    application, might have allowed remote attackers to
    hijack web sessions by leveraging use of a
    requestedSessionSSL field for an unintended request,
    related to CoyoteAdapter.java and Request.java.
    (bsc#967814)

  - CVE-2015-5345: The Mapper component in Apache Tomcat
    processes redirects before considering security
    constraints and Filters, which allowed remote attackers
    to determine the existence of a directory via a URL that
    lacks a trailing / (slash) character. (bsc#967965)

  - CVE-2015-5351: The (1) Manager and (2) Host Manager
    applications in Apache Tomcat established sessions and
    send CSRF tokens for arbitrary new requests, which
    allowed remote attackers to bypass a CSRF protection
    mechanism by using a token. (bsc#967812)

  - CVE-2016-0706: Apache Tomcat did not place
    org.apache.catalina.manager.StatusManagerServlet on the
    org/apache/catalina/core/RestrictedServlets.properties
    list, which allowed remote authenticated users to bypass
    intended SecurityManager restrictions and read arbitrary
    HTTP requests, and consequently discover session ID
    values, via a crafted web application. (bsc#967815)

  - CVE-2016-0714: The session-persistence implementation in
    Apache Tomcat mishandled session attributes, which
    allowed remote authenticated users to bypass intended
    SecurityManager restrictions and execute arbitrary code
    in a privileged context via a web application that
    places a crafted object in a session. (bsc#967964)

  - CVE-2016-0763: The setGlobalContext method in
    org/apache/naming/factory/ResourceLinkFactory.java in
    Apache Tomcat did not consider whether
    ResourceLinkFactory.setGlobalContext callers are
    authorized, which allowed remote authenticated users to
    bypass intended SecurityManager restrictions and read or
    write to arbitrary application data, or cause a denial
    of service (application disruption), via a web
    application that sets a crafted global context.
    (bsc#967966)

The full changes can be read on:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

This update was imported from the SUSE:SLE-12-SP1:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://tomcat.apache.org/tomcat-8.0-doc/changelog.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967814"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967964"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967965"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967966"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967967"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tomcat packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-jsvc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"tomcat-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-admin-webapps-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-docs-webapp-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-el-3_0-api-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-embed-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-javadoc-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-jsp-2_3-api-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-jsvc-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-lib-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-servlet-3_1-api-8.0.32-5.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tomcat-webapps-8.0.32-5.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc");
}
VendorProductVersionCPE
novellopensusetomcatp-cpe:/a:novell:opensuse:tomcat
novellopensusetomcat-admin-webappsp-cpe:/a:novell:opensuse:tomcat-admin-webapps
novellopensusetomcat-docs-webappp-cpe:/a:novell:opensuse:tomcat-docs-webapp
novellopensusetomcat-el-3_0-apip-cpe:/a:novell:opensuse:tomcat-el-3_0-api
novellopensusetomcat-embedp-cpe:/a:novell:opensuse:tomcat-embed
novellopensusetomcat-javadocp-cpe:/a:novell:opensuse:tomcat-javadoc
novellopensusetomcat-jsp-2_3-apip-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api
novellopensusetomcat-jsvcp-cpe:/a:novell:opensuse:tomcat-jsvc
novellopensusetomcat-libp-cpe:/a:novell:opensuse:tomcat-lib
novellopensusetomcat-servlet-3_1-apip-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api
Rows per page:
1-10 of 121

Related

atlassian 3
suse 4
ibm 30
openvas 35
mageia 1
symantec 1
tomcat 8
nessus 42
debian 4
redhat 6
osv 8
ubuntu 1
amazon 5
oraclelinux 3
f5 7
centos 2
freebsd 2
cloudfoundry 1
gentoo 1
prion 6
cve 7
github 7
veracode 3
ubuntucve 5
debiancve 7
atlassian
atlassian
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
suse
suse
Security update for tomcat (important)
2016-03-18 19:13:35
Security update for tomcat (important)
2016-03-15 15:12:43
Security update for tomcat (important)
2016-03-23 18:09:46
ibm
ibm
Security Bulletin: A vulnerability in Apache Tomcat affects Rational Insight (CVE-2015-5174)
2018-06-17 05:14:27
Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2015-5174, others)
2021-04-28 18:35:50
Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2015-5174)
2018-06-17 05:10:46
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:0769-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0822-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2016-0090)
2016-03-03 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2016-03-02 21:28:46
symantec
symantec
SA118 : February 2016 Apache Tomcat Vulnerabilities
2016-03-15 08:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.0.M3
2016-01-05 00:00:00
Fixed in Apache Tomcat 8.0.32
2016-02-08 00:00:00
Fixed in Apache Tomcat 7.0.68
2016-02-16 00:00:00
nessus
nessus
RHEL 6 : JBoss Web Server (RHSA-2016:1087)
2016-05-19 00:00:00
Apache Tomcat < 9.0.0.M3 Multiple Vulnerabilities
2019-01-11 00:00:00
Apache Tomcat 9.0.x < 9.0.0.M3 Multiple Vulnerabilities
2019-05-13 00:00:00
debian
debian
[SECURITY] [DLA 435-1] tomcat6 security update
2016-02-27 19:09:41
[SECURITY] [DSA 3609-1] tomcat8 security update
2016-06-29 19:54:21
[SECURITY] [DSA 3552-1] tomcat7 security update
2016-04-17 18:44:26
redhat
redhat
(RHSA-2016:1088) Moderate: Red Hat JBoss Web Server 3.0.3 update
2016-05-17 16:10:14
(RHSA-2016:1087) Moderate: Red Hat JBoss Web Server 3.0.3 update
2016-05-17 16:09:53
(RHSA-2016:2807) Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
2016-11-17 20:28:33
osv
osv
tomcat6 - security update
2016-02-27 00:00:00
tomcat7 - security update
2016-04-17 00:00:00
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
ubuntu
ubuntu
Tomcat vulnerabilities
2016-07-05 00:00:00
amazon
amazon
Medium: tomcat8
2016-03-29 15:30:00
Medium: tomcat7
2016-03-29 15:30:00
Medium: tomcat6
2016-03-29 15:30:00
oraclelinux
oraclelinux
tomcat security, bug fix, and enhancement update
2016-11-09 00:00:00
tomcat6 security and bug fix update
2016-10-10 00:00:00
tomcat security, bug fix, and enhancement update
2017-08-07 00:00:00
f5
f5
SOL30971148 - Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714
2016-03-22 00:00:00
SOL51025324 - Apache Tomcat 7.x vulnerabilities CVE-2015-5346, CVE-2015-5351, and CVE-2016-0763
2016-03-22 00:00:00
K51025324 : Apache Tomcat 7.x vulnerabilities CVE-2015-5346, CVE-2015-5351, and CVE-2016-0763
2016-03-22 00:00:00
centos
centos
tomcat security update
2016-11-25 15:49:52
tomcat6 security update
2016-10-11 18:36:02
freebsd
freebsd
tomcat -- multiple vulnerabilities
2016-02-22 00:00:00
tomcat -- multiple vulnerabilities
2016-02-22 00:00:00
cloudfoundry
cloudfoundry
USN-3024-1: tomcat6, tomcat7 vulnerabilities | Cloud Foundry
2017-01-19 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2017-05-18 00:00:00
prion
prion
Session fixation
2016-02-25 01:59:00
Cross site request forgery (csrf)
2016-02-25 01:59:00
Directory traversal
2016-02-25 01:59:00
cve
cve
CVE-2015-5346
2016-02-25 01:59:00
CVE-2015-5174
2016-02-25 01:59:00
CVE-2016-0763
2016-02-25 01:59:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-14 03:13:01
Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token
2022-05-14 03:13:01
veracode
veracode
Information Disclosure
2019-01-15 09:14:42
Directory Traversal
2019-01-15 09:09:27
Directory Information Disclosure
2019-01-15 09:11:49
ubuntucve
ubuntucve
CVE-2015-5346
2016-02-24 00:00:00
CVE-2015-5174
2016-02-24 00:00:00
CVE-2015-5351
2016-02-24 00:00:00
debiancve
debiancve
CVE-2015-5346
2016-02-25 01:59:00
CVE-2015-5351
2016-02-25 01:59:00
CVE-2015-5174
2016-02-25 01:59:00
JSON
Related for OPENSUSE-2016-384.NASL
atlassian3suse4ibm30openvas35mageia1symantec1tomcat8nessus42debian4redhat6osv8ubuntu1amazon5oraclelinux3f57centos2freebsd2cloudfoundry1gentoo1prion6cve7github7veracode3ubuntucve5debiancve7