Oracle Solaris Third-Party Patch Update for multiple vulnerabilities in Apache Tomca
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities | 21 Nov 201200:00 | – | nessus |
Tenable Nessus | Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities | 26 Nov 201200:00 | – | nessus |
Tenable Nessus | Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities | 26 Nov 201200:00 | – | nessus |
Tenable Nessus | Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151) | 20 Dec 201200:00 | – | nessus |
Tenable Nessus | RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0266) | 26 Jun 201400:00 | – | nessus |
Tenable Nessus | SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208) | 4 Feb 201300:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311) | 13 Mar 201300:00 | – | nessus |
Tenable Nessus | CentOS 6 : tomcat6 (CESA-2013:0623) | 13 Mar 201300:00 | – | nessus |
Tenable Nessus | RHEL 6 : tomcat6 (RHSA-2013:0623) | 12 Mar 201300:00 | – | nessus |
Tenable Nessus | Debian DSA-2725-1 : tomcat6 - several vulnerabilities | 19 Jul 201300:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(80791);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887");
script_name(english:"Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)");
script_summary(english:"Check for the 'entire' version.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Solaris system is missing a security patch for third-party
software."
);
script_set_attribute(
attribute:"description",
value:
"The remote Solaris system is missing necessary patches to address
security updates :
- java/org/apache/coyote/http11/InternalNioInputBuffer.jav
a in the HTTP NIO connector in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.28 does not properly restrict
the request-header size, which allows remote attackers
to cause a denial of service (memory consumption) via a
large amount of header data. (CVE-2012-2733)
- org/apache/catalina/realm/RealmBase.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when
FORM authentication is used, allows remote attackers to
bypass security-constraint checks by leveraging a
previous setUserPrincipal call and then placing
/j_security_check at the end of a URI. (CVE-2012-3546)
- org/apache/catalina/filters/CsrfPreventionFilter.java in
Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32
allows remote attackers to bypass the cross-site request
forgery (CSRF) protection mechanism via a request that
lacks a session identifier. (CVE-2012-4431)
- org/apache/tomcat/util/net/NioEndpoint.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the
NIO connector is used in conjunction with sendfile and
HTTPS, allows remote attackers to cause a denial of
service (infinite loop) by terminating the connection
during the reading of a response. (CVE-2012-4534)
- The replay-countermeasure functionality in the HTTP
Digest Access Authentication implementation in Apache
Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x
before 7.0.30 tracks cnonce (aka client nonce) values
instead of nonce (aka server nonce) and nc (aka
nonce-count) values, which makes it easier for remote
attackers to bypass intended access restrictions by
sniffing the network for valid requests, a different
vulnerability than CVE-2011-1184. (CVE-2012-5885)
- The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 caches information about the
authenticated user within the session state, which makes
it easier for remote attackers to bypass authentication
via vectors related to the session ID. (CVE-2012-5886)
- The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 does not properly check for stale
nonce values in conjunction with enforcement of proper
credentials, which makes it easier for remote attackers
to bypass intended access restrictions by sniffing the
network for valid requests. (CVE-2012-5887)"
);
# https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?4a913f44"
);
# https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-tomcat
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ce09309a"
);
script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.4.5.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:tomcat");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
if (empty_or_null(egrep(string:pkg_list, pattern:"^tomcat$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
flag = 0;
if (solaris_check_release(release:"0.5.11-0.175.1.4.0.5.0", sru:"SRU 4.5") > 0) flag++;
if (flag)
{
set_kb_item(name:'www/0/XSRF', value:TRUE);
error_extra = 'Affected package : tomcat\n' + solaris_get_report2();
error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
else security_warning(0);
exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "tomcat");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo