Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2010-0580.NASL
HistoryAug 03, 2010 - 12:00 a.m.

RHEL 5 : tomcat5 (RHSA-2010:0580)

2010-08-0300:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the ‘time’ parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process. A specially crafted WAR file could, when deployed, cause a file to be created outside of the web root into any directory writable by the Tomcat user, or could lead to the deletion of files in the Tomcat host’s work directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2010:0580. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(48231);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2009-0781", "CVE-2009-2693", "CVE-2009-2696", "CVE-2009-2902", "CVE-2010-2227");
  script_xref(name:"RHSA", value:"2010:0580");

  script_name(english:"RHEL 5 : tomcat5 (RHSA-2010:0580)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated tomcat5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding
header in HTTP requests. A specially crafted HTTP request could
prevent Tomcat from sending replies, or cause Tomcat to return
truncated replies, or replies containing data related to the requests
of other users, for all subsequent HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum
text stated, provide a fix for CVE-2009-0781, a cross-site scripting
(XSS) flaw in the examples calendar application. With some web
browsers, remote attackers could use this flaw to inject arbitrary web
script or HTML via the 'time' parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment
process. A specially crafted WAR file could, when deployed, cause a
file to be created outside of the web root into any directory writable
by the Tomcat user, or could lead to the deletion of files in the
Tomcat host's work directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which
contain backported patches to resolve these issues. Tomcat must be
restarted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-2693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-2696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-2902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://tomcat.apache.org/security-5.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2010:0580"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(22, 79);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2010:0580";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-admin-webapps-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-common-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-common-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-common-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-jasper-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-jasper-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-jasper-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-jasper-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-server-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-server-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-server-lib-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tomcat5-webapps-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tomcat5-webapps-5.5.23-0jpp.9.el5_5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tomcat5-webapps-5.5.23-0jpp.9.el5_5")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxtomcat5p-cpe:/a:redhat:enterprise_linux:tomcat5
redhatenterprise_linuxtomcat5-admin-webappsp-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps
redhatenterprise_linuxtomcat5-common-libp-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib
redhatenterprise_linuxtomcat5-jasperp-cpe:/a:redhat:enterprise_linux:tomcat5-jasper
redhatenterprise_linuxtomcat5-jasper-javadocp-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc
redhatenterprise_linuxtomcat5-jsp-2.0-apip-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api
redhatenterprise_linuxtomcat5-jsp-2.0-api-javadocp-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc
redhatenterprise_linuxtomcat5-server-libp-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib
redhatenterprise_linuxtomcat5-servlet-2.4-apip-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api
redhatenterprise_linuxtomcat5-servlet-2.4-api-javadocp-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc
Rows per page:
1-10 of 121

Related

openvas 66
nessus 61
centos 2
redhat 8
oraclelinux 2
veracode 4
prion 5
cve 5
debian 1
ubuntu 3
securityvulns 9
tomcat 8
myhack58 1
github 4
osv 4
fedora 6
altlinux 3
ubuntucve 4
packetstorm 1
gentoo 1
ibm 1
openvas
openvas
CentOS Update for tomcat5 CESA-2010:0580 centos5 i386
2011-08-09 00:00:00
RedHat Update for tomcat5 RHSA-2010:0580-01
2010-08-06 00:00:00
RedHat Update for tomcat5 RHSA-2010:0580-01
2010-08-06 00:00:00
nessus
nessus
Oracle Linux 5 : tomcat5 (ELSA-2010-0580)
2013-07-12 00:00:00
Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 5 : tomcat5 (CESA-2010:0580)
2010-08-03 00:00:00
centos
centos
tomcat5 security update
2010-08-03 00:39:04
tomcat5 security update
2009-07-29 17:30:22
redhat
redhat
(RHSA-2010:0580) Important: tomcat5 security update
2010-08-02 00:00:00
(RHSA-2010:0582) Important: tomcat5 security update
2010-08-02 00:00:00
(RHSA-2010:0119) Low: JBoss Enterprise Web Server 1.0.1 update
2010-02-23 00:00:00
oraclelinux
oraclelinux
tomcat5 security update
2010-08-02 00:00:00
tomcat security update
2009-07-21 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:46:42
Directory Traversal
2018-11-09 01:47:07
Arbitrary File Overwrite
2018-11-09 02:39:18
prion
prion
Cross site scripting
2010-08-05 18:17:00
Buffer overflow
2010-07-13 17:30:00
Directory traversal
2010-01-28 20:30:00
cve
cve
CVE-2009-2696
2010-08-05 18:17:00
CVE-2009-2902
2010-01-28 20:30:00
CVE-2010-2227
2010-07-13 17:30:00
debian
debian
[SECURITY] [DSA 2207-1] tomcat5.5 security update
2011-03-29 22:35:34
ubuntu
ubuntu
Tomcat vulnerabilities
2010-02-11 00:00:00
Tomcat vulnerability
2010-08-25 00:00:00
Tomcat vulnerabilities
2009-06-15 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
2010-01-26 00:00:00
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;
2010-05-20 00:00:00
Apache Tomcat DoS and information leak
2010-07-13 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.24
2010-01-21 00:00:00
Fixed in Apache Tomcat 5.5.29
2010-04-20 00:00:00
Fixed in Apache Tomcat 7.0.2
2010-08-11 00:00:00
myhack58
myhack58
Tomcat remote denial of service vulnerability analysis(CVE-2 0 1 0-2 2 2 7)-vulnerability warning-the black bar safety net
2010-11-23 00:00:00
github
github
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
2022-05-02 03:39:48
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
2022-05-14 01:17:03
Apache Tomcat Directory Traversal vulnerability
2022-05-02 03:37:48
osv
osv
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
2022-05-02 03:39:48
Apache Tomcat does not properly handle an invalid Transfer-Encoding header
2022-05-14 01:17:03
Apache Tomcat Directory Traversal vulnerability
2022-05-02 03:37:48
fedora
fedora
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-14.fc14
2010-11-14 21:34:08
[SECURITY] Fedora 13 Update: tomcat6-6.0.26-11.fc13
2010-11-01 20:57:28
[SECURITY] Fedora 12 Update: tomcat6-6.0.26-3.fc12
2010-11-01 20:55:02
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.26-alt2_11jpp6
2010-10-18 00:00:00
Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.26-alt4_16jpp6.M50P.1
2011-04-13 00:00:00
Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.18-alt6_8jpp5
2010-01-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-2902
2010-01-28 00:00:00
CVE-2009-2693
2010-01-28 00:00:00
CVE-2010-2227
2010-07-13 00:00:00
packetstorm
packetstorm
Apache Tomcat Cross Site Scripting
2009-03-06 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22
JSON
Related for REDHAT-RHSA-2010-0580.NASL
openvas66nessus61centos2redhat8oraclelinux2veracode4prion5cve5debian1ubuntu3securityvulns9tomcat8myhack581github4osv4fedora6altlinux3ubuntucve4packetstorm1gentoo1ibm1