Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2017-2493.NASL
HistoryAug 23, 2017 - 12:00 a.m.

RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)

2017-08-2300:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.

Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these updated packages, which resolve several security issues.

Security Fix(es) :

  • A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

  • A vulnerability was discovered in tomcat’s handling of pipelined requests when ‘Sendfile’ was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

  • A vulnerability was discovered in the error page mechanism in Tomcat’s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

  • A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:2493. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(102692);
  script_version("3.6");
  script_cvs_date("Date: 2019/10/24 15:35:43");

  script_cve_id("CVE-2016-6304", "CVE-2016-8610", "CVE-2017-5647", "CVE-2017-5664");
  script_xref(name:"RHSA", value:"2017:2493");

  script_name(english:"RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update is now available for Red Hat JBoss Enterprise Web Server
2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web
Server 2.1.2 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols, as well as a
full-strength general-purpose cryptography library.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat
JBoss Web Server 2.1.2. The updates are documented in the Release
Notes document linked to in the References.

Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these
updated packages, which resolve several security issues.

Security Fix(es) :

* A memory leak flaw was found in the way OpenSSL handled TLS status
request extension data during session renegotiation. A remote attacker
could cause a TLS server using OpenSSL to consume an excessive amount
of memory and, possibly, exit unexpectedly after exhausting all
available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* A vulnerability was discovered in tomcat's handling of pipelined
requests when 'Sendfile' was used. If sendfile processing completed
quickly, it was possible for the Processor to be added to the
processor cache twice. This could lead to invalid responses or
information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in
Tomcat's DefaultServlet implementation. A crafted HTTP request could
cause undesired side effects, possibly including the removal or
replacement of the custom error page. (CVE-2017-5664)

* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume
an excessive amount of CPU and fail to accept connections from other
clients. (CVE-2016-8610)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting
CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360
Inc.) as the original reporter of CVE-2016-6304."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/articles/3155411"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2017:2493"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-6304"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-8610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-5647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-5664"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-maven-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2017:2493";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  if (! (rpm_exists(release:"RHEL6", rpm:"jws-2") || rpm_exists(release:"RHEL7", rpm:"jws-2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss Web Server");

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-admin-webapps-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-docs-webapp-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-el-2.1-api-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-javadoc-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-jsp-2.1-api-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-lib-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-log4j-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-maven-devel-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-servlet-2.5-api-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat6-webapps-6.0.41-17_patch_04.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-admin-webapps-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-docs-webapp-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-el-2.2-api-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-javadoc-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-jsp-2.2-api-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-lib-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-log4j-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-maven-devel-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-servlet-3.0-api-7.0.54-25_patch_05.ep6.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"tomcat7-webapps-7.0.54-25_patch_05.ep6.el6")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-admin-webapps-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-docs-webapp-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-el-2.1-api-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-javadoc-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-jsp-2.1-api-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-lib-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-log4j-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-maven-devel-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-servlet-2.5-api-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat6-webapps-6.0.41-17_patch_04.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-admin-webapps-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-docs-webapp-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-el-2.2-api-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-javadoc-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-jsp-2.2-api-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-lib-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-log4j-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-maven-devel-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-servlet-3.0-api-7.0.54-25_patch_05.ep6.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"tomcat7-webapps-7.0.54-25_patch_05.ep6.el7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jbcs-httpd24-openssl / jbcs-httpd24-openssl-debuginfo / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxjbcs-httpd24-opensslp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl
redhatenterprise_linuxjbcs-httpd24-openssl-debuginfop-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo
redhatenterprise_linuxjbcs-httpd24-openssl-develp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel
redhatenterprise_linuxjbcs-httpd24-openssl-libsp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs
redhatenterprise_linuxjbcs-httpd24-openssl-perlp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl
redhatenterprise_linuxjbcs-httpd24-openssl-staticp-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static
redhatenterprise_linuxtomcat6p-cpe:/a:redhat:enterprise_linux:tomcat6
redhatenterprise_linuxtomcat6-admin-webappsp-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps
redhatenterprise_linuxtomcat6-docs-webappp-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp
redhatenterprise_linuxtomcat6-el-2.1-apip-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api
Rows per page:
1-10 of 301

Related

redhat 9
nessus 37
oraclelinux 2
ibm 40
ubuntu 1
openvas 27
centos 3
debian 8
tomcat 7
ubuntucve 4
cve 4
osv 11
fedora 3
veracode 7
myhack58 3
archlinux 2
redhatcve 2
amazon 4
debiancve 4
mageia 1
f5 6
prion 4
github 2
freebsd_advisory 1
paloalto 1
freebsd 1
zdt 1
hackerone 1
alpinelinux 1
checkpoint_advisories 1
openssl 1
redhat
redhat
(RHSA-2017:2494) Important: Red Hat JBoss Web Server 2 security update
2017-08-21 15:21:48
(RHSA-2017:2493) Important: Red Hat JBoss Web Server 2 security update
2017-08-21 15:21:19
(RHSA-2017:1802) Important: Red Hat JBoss Web Server Service Pack 1 security update
2017-07-25 17:45:08
nessus
nessus
Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1419)
2019-05-31 00:00:00
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)
2018-08-29 00:00:00
CentOS 6 : tomcat6 (CESA-2017:3080)
2017-10-31 00:00:00
oraclelinux
oraclelinux
tomcat security update
2017-07-27 00:00:00
tomcat6 security update
2017-10-29 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service
2018-06-17 05:22:45
Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence
2018-06-17 05:22:45
Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight
2018-06-17 05:22:46
ubuntu
ubuntu
Tomcat vulnerabilities
2018-01-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3519-1)
2018-01-09 00:00:00
RedHat Update for tomcat6 RHSA-2017:3080-01
2017-10-30 00:00:00
CentOS Update for tomcat6 CESA-2017:3080 centos6
2017-11-02 00:00:00
centos
centos
tomcat6 security update
2017-10-30 11:27:14
tomcat security update
2017-07-27 15:49:22
openssl security update
2017-02-21 11:44:42
debian
debian
[SECURITY] [DLA 924-2] tomcat7 regression update
2017-05-10 20:08:15
[SECURITY] [DSA 3891-1] tomcat8 security update
2017-06-22 08:05:13
[SECURITY] [DLA 996-1] tomcat7 security update
2017-06-20 21:34:44
tomcat
tomcat
Fixed in Apache Tomcat 7.0.77
2017-04-02 00:00:00
Fixed in Apache Tomcat 8.0.44
2017-05-16 00:00:00
Fixed in Apache Tomcat 8.5.15
2017-05-10 00:00:00
ubuntucve
ubuntucve
CVE-2017-5647
2017-04-17 00:00:00
CVE-2017-5664
2017-06-06 00:00:00
CVE-2016-8610
2016-10-24 00:00:00
cve
cve
CVE-2017-5647
2017-04-17 16:59:00
CVE-2017-5664
2017-06-06 14:29:00
CVE-2016-8610
2017-11-13 22:29:00
osv
osv
tomcat8 - security update
2017-06-22 00:00:00
tomcat7 - security update
2017-06-22 00:00:00
tomcat7 - security update
2017-06-20 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: tomcat-8.0.44-1.fc24
2017-06-29 23:50:43
[SECURITY] Fedora 25 Update: tomcat-8.0.44-1.fc25
2017-06-30 00:50:27
[SECURITY] Fedora 26 Update: tomcat-8.0.44-1.fc26
2017-07-07 23:13:38
veracode
veracode
Security Constraint Bypass
2017-06-07 02:00:46
Denial Of Service (DoS) In SSL Alert Handling
2019-01-15 09:15:53
Information Disclosure
2017-04-11 05:42:07
myhack58
myhack58
Tomcat Security Constraint Bypass CVE-2017-5664 analysis-vulnerability warning-the black bar safety net
2017-07-27 00:00:00
Apache Tomcat security restrictions bypass Vulnerability, CVE-2017-5664-a vulnerability warning-the black bar safety net
2017-06-12 00:00:00
Upgrade the openssl version to fix high-risk vulnerabilities--“the OpenSSL Red Alert”vulnerability-vulnerability warning-the black bar safety net
2016-10-29 00:00:00
archlinux
archlinux
[ASA-201706-7] tomcat8: access restriction bypass
2017-06-06 00:00:00
[ASA-201706-6] tomcat7: access restriction bypass
2017-06-06 00:00:00
redhatcve
redhatcve
CVE-2017-5664
2021-02-07 15:15:32
CVE-2017-5647
2017-04-11 12:48:12
amazon
amazon
Important: tomcat8
2017-07-06 17:25:00
Important: tomcat6
2017-04-20 06:17:00
Important: tomcat7
2017-07-06 17:24:00
debiancve
debiancve
CVE-2017-5664
2017-06-06 14:29:00
CVE-2017-5647
2017-04-17 16:59:00
CVE-2016-8610
2017-11-13 22:29:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2017-06-30 00:40:57
f5
f5
K49000195 : Apache Tomcat vulnerability CVE-2017-5647
2017-05-05 00:00:00
K01225001 : Apache Tomcat vulnerability CVE-2017-5664
2017-06-23 00:00:00
K11307303 : OpenSSL vulnerability CVE-2016-8610
2016-11-21 00:00:00
prion
prion
Server side request forgery (ssrf)
2017-04-17 16:59:00
Design/Logic Flaw
2017-06-06 14:29:00
Code injection
2017-11-13 22:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
Improper Handling of Exceptional Conditions in Apache Tomcat
2022-05-13 01:46:15
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:35.openssl
2016-11-02 00:00:00
paloalto
paloalto
OpenSSL Vulnerability
2017-06-07 00:25:00
freebsd
freebsd
FreeBSD -- OpenSSL Remote DoS vulnerability
2016-11-02 00:00:00
zdt
zdt
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
2016-10-21 00:00:00
hackerone
hackerone
Internet Bug Bounty: OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
2017-03-29 01:24:57
alpinelinux
alpinelinux
CVE-2016-6304
2016-09-26 19:59:00
checkpoint_advisories
checkpoint_advisories
OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)
2016-09-22 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-6304
2016-09-22 00:00:00
JSON
Related for REDHAT-RHSA-2017-2493.NASL
redhat9nessus37oraclelinux2ibm40ubuntu1openvas27centos3debian8tomcat7ubuntucve4cve4osv11fedora3veracode7myhack583archlinux2redhatcve2amazon4debiancve4mageia1f56prion4github2freebsd_advisory1paloalto1freebsd1zdt1hackerone1alpinelinux1checkpoint_advisories1openssl1