Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)
2015-01-19T00:00:00
ID SOLARIS11_TOMCAT_20140401.NASL Type nessus Reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
The remote Solaris system is missing necessary patches to address
security updates :
java/org/apache/coyote/http11/InternalNioInputBuffer.jav
a in the HTTP NIO connector in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.28 does not properly restrict
the request-header size, which allows remote attackers
to cause a denial of service (memory consumption) via a
large amount of header data. (CVE-2012-2733)
org/apache/catalina/realm/RealmBase.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when
FORM authentication is used, allows remote attackers to
bypass security-constraint checks by leveraging a
previous setUserPrincipal call and then placing
/j_security_check at the end of a URI. (CVE-2012-3546)
org/apache/catalina/filters/CsrfPreventionFilter.java in
Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32
allows remote attackers to bypass the cross-site request
forgery (CSRF) protection mechanism via a request that
lacks a session identifier. (CVE-2012-4431)
org/apache/tomcat/util/net/NioEndpoint.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the
NIO connector is used in conjunction with sendfile and
HTTPS, allows remote attackers to cause a denial of
service (infinite loop) by terminating the connection
during the reading of a response. (CVE-2012-4534)
The replay-countermeasure functionality in the HTTP
Digest Access Authentication implementation in Apache
Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x
before 7.0.30 tracks cnonce (aka client nonce) values
instead of nonce (aka server nonce) and nc (aka
nonce-count) values, which makes it easier for remote
attackers to bypass intended access restrictions by
sniffing the network for valid requests, a different
vulnerability than CVE-2011-1184. (CVE-2012-5885)
The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 caches information about the
authenticated user within the session state, which makes
it easier for remote attackers to bypass authentication
via vectors related to the session ID. (CVE-2012-5886)
The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 does not properly check for stale
nonce values in conjunction with enforcement of proper
credentials, which makes it easier for remote attackers
to bypass intended access restrictions by sniffing the
network for valid requests. (CVE-2012-5887)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include("compat.inc");
if (description)
{
script_id(80791);
script_version("1.6");
script_cvs_date("Date: 2019/10/16 10:34:21");
script_cve_id("CVE-2012-2733", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887");
script_name(english:"Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)");
script_summary(english:"Check for the 'entire' version.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Solaris system is missing a security patch for third-party
software."
);
script_set_attribute(
attribute:"description",
value:
"The remote Solaris system is missing necessary patches to address
security updates :
- java/org/apache/coyote/http11/InternalNioInputBuffer.jav
a in the HTTP NIO connector in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.28 does not properly restrict
the request-header size, which allows remote attackers
to cause a denial of service (memory consumption) via a
large amount of header data. (CVE-2012-2733)
- org/apache/catalina/realm/RealmBase.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when
FORM authentication is used, allows remote attackers to
bypass security-constraint checks by leveraging a
previous setUserPrincipal call and then placing
/j_security_check at the end of a URI. (CVE-2012-3546)
- org/apache/catalina/filters/CsrfPreventionFilter.java in
Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32
allows remote attackers to bypass the cross-site request
forgery (CSRF) protection mechanism via a request that
lacks a session identifier. (CVE-2012-4431)
- org/apache/tomcat/util/net/NioEndpoint.java in Apache
Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the
NIO connector is used in conjunction with sendfile and
HTTPS, allows remote attackers to cause a denial of
service (infinite loop) by terminating the connection
during the reading of a response. (CVE-2012-4534)
- The replay-countermeasure functionality in the HTTP
Digest Access Authentication implementation in Apache
Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x
before 7.0.30 tracks cnonce (aka client nonce) values
instead of nonce (aka server nonce) and nc (aka
nonce-count) values, which makes it easier for remote
attackers to bypass intended access restrictions by
sniffing the network for valid requests, a different
vulnerability than CVE-2011-1184. (CVE-2012-5885)
- The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 caches information about the
authenticated user within the session state, which makes
it easier for remote attackers to bypass authentication
via vectors related to the session ID. (CVE-2012-5886)
- The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,
and 7.x before 7.0.30 does not properly check for stale
nonce values in conjunction with enforcement of proper
credentials, which makes it easier for remote attackers
to bypass intended access restrictions by sniffing the
network for valid requests. (CVE-2012-5887)"
);
# https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?4a913f44"
);
# https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-tomcat
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ce09309a"
);
script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.4.5.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:tomcat");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
if (empty_or_null(egrep(string:pkg_list, pattern:"^tomcat$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
flag = 0;
if (solaris_check_release(release:"0.5.11-0.175.1.4.0.5.0", sru:"SRU 4.5") > 0) flag++;
if (flag)
{
set_kb_item(name:'www/0/XSRF', value:TRUE);
error_extra = 'Affected package : tomcat\n' + solaris_get_report2();
error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
else security_warning(0);
exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "tomcat");
{"id": "SOLARIS11_TOMCAT_20140401.NASL", "bulletinFamily": "scanner", "title": "Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav\n a in the HTTP NIO connector in Apache Tomcat 6.x before\n 6.0.36 and 7.x before 7.0.28 does not properly restrict\n the request-header size, which allows remote attackers\n to cause a denial of service (memory consumption) via a\n large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when\n FORM authentication is used, allows remote attackers to\n bypass security-constraint checks by leveraging a\n previous setUserPrincipal call and then placing\n /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in\n Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32\n allows remote attackers to bypass the cross-site request\n forgery (CSRF) protection mechanism via a request that\n lacks a session identifier. (CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the\n NIO connector is used in conjunction with sendfile and\n HTTPS, allows remote attackers to cause a denial of\n service (infinite loop) by terminating the connection\n during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x\n before 7.0.30 tracks cnonce (aka client nonce) values\n instead of nonce (aka server nonce) and nc (aka\n nonce-count) values, which makes it easier for remote\n attackers to bypass intended access restrictions by\n sniffing the network for valid requests, a different\n vulnerability than CVE-2011-1184. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 caches information about the\n authenticated user within the session state, which makes\n it easier for remote attackers to bypass authentication\n via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 does not properly check for stale\n nonce values in conjunction with enforcement of proper\n credentials, which makes it easier for remote attackers\n to bypass intended access restrictions by sniffing the\n network for valid requests. (CVE-2012-5887)", "published": "2015-01-19T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/80791", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?ce09309a", "http://www.nessus.org/u?4a913f44"], "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2011-1184", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "type": "nessus", "lastseen": "2021-01-01T05:49:24", "edition": 24, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K54891070"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2013-0623.NASL", "CENTOS_RHSA-2013-0623.NASL", "SUSE_11_TOMCAT6-130107.NASL", "REDHAT-RHSA-2013-0623.NASL", "FEDORA_2012-20151.NASL", "TOMCAT_6_0_36.NASL", "REDHAT-RHSA-2013-0647.NASL", "SL_20130311_TOMCAT6_ON_SL6_X.NASL", "REDHAT-RHSA-2013-0266.NASL", "DEBIAN_DSA-2725.NASL"]}, {"type": "redhat", "idList": ["RHSA-2013:0623", "RHSA-2013:0632", "RHSA-2013:0266", "RHSA-2013:0265", "RHSA-2013:0648", "RHSA-2013:0640", "RHSA-2013:0629", "RHSA-2013:0631", "RHSA-2013:0647", "RHSA-2013:0726"]}, {"type": "centos", "idList": ["CESA-2013:0623", "CESA-2013:0640"]}, {"type": "openvas", "idList": ["OPENVAS:892725", "OPENVAS:870958", "OPENVAS:1361412562310870965", "OPENVAS:881689", "OPENVAS:1361412562310123666", "OPENVAS:1361412562310881689", "OPENVAS:870965", "OPENVAS:1361412562310892725", "OPENVAS:1361412562310123663", "OPENVAS:1361412562310870958"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2725-1:3350C"]}, {"type": "cve", "idList": ["CVE-2012-5886", "CVE-2012-5887", "CVE-2012-4534", "CVE-2012-2733", "CVE-2012-4431", "CVE-2012-3546", "CVE-2012-5885", "CVE-2011-1184"]}, {"type": "ubuntu", "idList": ["USN-1685-1", "USN-1637-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28803", "SECURITYVULNS:DOC:28773", "SECURITYVULNS:VULN:12747", "SECURITYVULNS:DOC:28804", "SECURITYVULNS:DOC:27069", "SECURITYVULNS:VULN:12725", "SECURITYVULNS:DOC:28802"]}, {"type": "vmware", "idList": ["VMSA-2013-0006"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0640", "ELSA-2013-0623"]}, {"type": "fedora", "idList": ["FEDORA:7E5312097C"]}, {"type": "thn", "idList": ["THN:109F3CE2A5819B3E1345F63EBB346D6C"]}, {"type": "gentoo", "idList": ["GLSA-201412-29"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-29345", "ATLASSIAN:CONFSERVER-29345", "ATLASSIAN:CONFCLOUD-29345"]}, {"type": "freebsd", "idList": ["953911FE-51EF-11E2-8E34-0022156E8794"]}, {"type": "seebug", "idList": ["SSV:60497"]}], "modified": "2021-01-01T05:49:24", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-01-01T05:49:24", "rev": 2}, "vulnersScore": 5.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80791);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/16 10:34:21\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat3)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - java/org/apache/coyote/http11/InternalNioInputBuffer.jav\n a in the HTTP NIO connector in Apache Tomcat 6.x before\n 6.0.36 and 7.x before 7.0.28 does not properly restrict\n the request-header size, which allows remote attackers\n to cause a denial of service (memory consumption) via a\n large amount of header data. (CVE-2012-2733)\n\n - org/apache/catalina/realm/RealmBase.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when\n FORM authentication is used, allows remote attackers to\n bypass security-constraint checks by leveraging a\n previous setUserPrincipal call and then placing\n /j_security_check at the end of a URI. (CVE-2012-3546)\n\n - org/apache/catalina/filters/CsrfPreventionFilter.java in\n Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32\n allows remote attackers to bypass the cross-site request\n forgery (CSRF) protection mechanism via a request that\n lacks a session identifier. (CVE-2012-4431)\n\n - org/apache/tomcat/util/net/NioEndpoint.java in Apache\n Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the\n NIO connector is used in conjunction with sendfile and\n HTTPS, allows remote attackers to cause a denial of\n service (infinite loop) by terminating the connection\n during the reading of a response. (CVE-2012-4534)\n\n - The replay-countermeasure functionality in the HTTP\n Digest Access Authentication implementation in Apache\n Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x\n before 7.0.30 tracks cnonce (aka client nonce) values\n instead of nonce (aka server nonce) and nc (aka\n nonce-count) values, which makes it easier for remote\n attackers to bypass intended access restrictions by\n sniffing the network for valid requests, a different\n vulnerability than CVE-2011-1184. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 caches information about the\n authenticated user within the session state, which makes\n it easier for remote attackers to bypass authentication\n via vectors related to the session ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation in\n Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36,\n and 7.x before 7.0.30 does not properly check for stale\n nonce values in conjunction with enforcement of proper\n credentials, which makes it easier for remote attackers\n to bypass intended access restrictions by sniffing the\n network for valid requests. (CVE-2012-5887)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce09309a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.4.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:tomcat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^tomcat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.4.0.5.0\", sru:\"SRU 4.5\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n error_extra = 'Affected package : tomcat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"tomcat\");\n", "naslFamily": "Solaris Local Security Checks", "pluginID": "80791", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:tomcat"], "scheme": null}
{"f5": [{"lastseen": "2019-05-08T20:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2012-5887", "CVE-2011-1184", "CVE-2012-5886", "CVE-2012-5885"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-10-12T00:09:00", "published": "2017-10-12T00:09:00", "id": "F5:K54891070", "href": "https://support.f5.com/csp/article/K54891070", "title": "Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2020-09-14T19:09:29", "description": "According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It\nis, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows for a crafted header to cause a remote denial of\n service. (CVE-2012-2733)\n\n - An error exists related to FORM authentication that\n allows a security bypass if 'j_security_check' is\n appended to the request. (CVE-2012-3546)\n\n - An error exists in the file\n 'filters/CsrfPreventionFilter.java' that allows\n cross-site request forgery (XSRF) attacks to bypass\n the filtering. This can allow access to protected\n resources without a session identifier. (CVE-2012-4431)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\n - Replay-countermeasure functionality in HTTP Digest\n Access Authentication tracks cnonce values instead of\n nonce values, which makes it easier for attackers to\n bypass access restrictions by sniffing the network for\n valid requests. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation\n caches information about the authenticated user, which\n allows an attacker to bypass authentication via session\n ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation\n does not properly check for stale nonce values with\n enforcement of proper credentials, which allows an\n attacker to bypass restrictions by sniffing requests.\n (CVE-2012-5887)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2012-11-21T00:00:00", "title": "Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2012-11-21T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_36.NASL", "href": "https://www.tenable.com/plugins/nessus/62987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62987);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\n \"CVE-2012-2733\",\n \"CVE-2012-3546\",\n \"CVE-2012-4431\",\n \"CVE-2012-4534\",\n \"CVE-2012-5885\",\n \"CVE-2012-5886\",\n \"CVE-2012-5887\"\n );\n script_bugtraq_id(56402, 56403, 56812, 56813, 56814);\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to Tomcat 6.0.36. It\nis, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists within the parseHeaders() function that\n allows for a crafted header to cause a remote denial of\n service. (CVE-2012-2733)\n\n - An error exists related to FORM authentication that\n allows a security bypass if 'j_security_check' is\n appended to the request. (CVE-2012-3546)\n\n - An error exists in the file\n 'filters/CsrfPreventionFilter.java' that allows\n cross-site request forgery (XSRF) attacks to bypass\n the filtering. This can allow access to protected\n resources without a session identifier. (CVE-2012-4431)\n\n - An error exists related to the 'NIO' connector when\n HTTPS and 'sendfile' are enabled that can force the\n application into an infinite loop. (CVE-2012-4534)\n\n - Replay-countermeasure functionality in HTTP Digest\n Access Authentication tracks cnonce values instead of\n nonce values, which makes it easier for attackers to\n bypass access restrictions by sniffing the network for\n valid requests. (CVE-2012-5885)\n\n - The HTTP Digest Access Authentication implementation\n caches information about the authenticated user, which\n allows an attacker to bypass authentication via session\n ID. (CVE-2012-5886)\n\n - The HTTP Digest Access Authentication implementation\n does not properly check for stale nonce values with\n enforcement of proper credentials, which allows an\n attacker to bypass restrictions by sniffing requests.\n (CVE-2012-5887)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/72\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/73\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Dec/74\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 6.0.36 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5887\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.36\", min:\"6.0.0\", severity:SECURITY_WARNING, xsrf:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:21", "description": " - Updated to 7.0.33\n\n - Resolves: rhbz 873620 need chkconfig for\n update-alternatives\n\n - Resolves: rhbz 883676,883691,883704,873707 fix several\n security issues\n\n - Resolves: rhbz 883806 refix logdir ownership\n\n - Resolves: rhbz 820119 Remove bundled\n apache-commons-dbcp\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2012-12-20T00:00:00", "title": "Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2012-12-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-20151.NASL", "href": "https://www.tenable.com/plugins/nessus/63309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-20151.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63309);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56402, 56403, 56812, 56813, 56814);\n script_xref(name:\"FEDORA\", value:\"2012-20151\");\n\n script_name(english:\"Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Updated to 7.0.33\n\n - Resolves: rhbz 873620 need chkconfig for\n update-alternatives\n\n - Resolves: rhbz 883676,883691,883704,873707 fix several\n security issues\n\n - Resolves: rhbz 883806 refix logdir ownership\n\n - Resolves: rhbz 820119 Remove bundled\n apache-commons-dbcp\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=873664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=873695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=883637\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bbf6a2f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"tomcat-7.0.33-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T09:14:35", "description": "Updated tomcat6 packages that fix multiple security issues are now\navailable for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention\nfilter and do not contain internal mitigation for CSRF.\n(CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP NIO connector is used by default in JBoss Enterprise\nWeb Server. The Apache Portable Runtime (APR) connector from the\nTomcat Native library was not affected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO\nconnector enforced limits on the permitted size of request headers. A\nremote attacker could use this flaw to trigger an OutOfMemoryError by\nsending a specially crafted request with very large headers. The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The\nAPR connector from the Tomcat Native library was not affected by this\nflaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect.", "edition": 24, "published": "2014-06-26T00:00:00", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2014-06-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api"], "id": "REDHAT-RHSA-2013-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/76234", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0266. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76234);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56402, 56403, 56813, 56814);\n script_xref(name:\"RHSA\", value:\"2013:0266\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0266)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues are now\navailable for JBoss Enterprise Web Server 2.0.0 for Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention\nfilter and do not contain internal mitigation for CSRF.\n(CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP NIO connector is used by default in JBoss Enterprise\nWeb Server. The Apache Portable Runtime (APR) connector from the\nTomcat Native library was not affected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO\nconnector enforced limits on the permitted size of request headers. A\nremote attacker could use this flaw to trigger an OutOfMemoryError by\nsending a specially crafted request with very large headers. The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The\nAPR connector from the Tomcat Native library was not affected by this\nflaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-2733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5887\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0266\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-1.0-api-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.35-6_patch_06.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.35-6_patch_06.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-1.0-api-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.35-29_patch_06.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.35-29_patch_06.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-05T12:29:19", "description": "This update of tomcat6 fixes the following security issues :\n\n - denial of service. (CVE-2012-4534)\n\n - tomcat: HTTP NIO connector OOM DoS via a request with\n large headers. (CVE-2012-2733)\n\n - tomcat: cnonce tracking weakness. (CVE-2012-5885)\n\n - tomcat: authentication caching weakness. (CVE-2012-5886)\n\n - tomcat: stale nonce weakness. (CVE-2012-5887)\n\n - tomcat: affected by slowloris DoS. (CVE-2012-5568)\n\n - tomcat: Bypass of security constraints. (CVE-2012-3546)\n\n - tomcat: bypass of CSRF prevention filter.\n (CVE-2012-4431)", "edition": 17, "published": "2013-02-04T00:00:00", "title": "SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5568", "CVE-2012-5885"], "modified": "2013-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:tomcat6-webapps", "p-cpe:/a:novell:suse_linux:11:tomcat6", "p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:11:tomcat6-lib", "p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps"], "id": "SUSE_11_TOMCAT6-130107.NASL", "href": "https://www.tenable.com/plugins/nessus/64430", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64430);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-2733\", \"CVE-2012-3546\", \"CVE-2012-4431\", \"CVE-2012-4534\", \"CVE-2012-5568\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat6 fixes the following security issues :\n\n - denial of service. (CVE-2012-4534)\n\n - tomcat: HTTP NIO connector OOM DoS via a request with\n large headers. (CVE-2012-2733)\n\n - tomcat: cnonce tracking weakness. (CVE-2012-5885)\n\n - tomcat: authentication caching weakness. (CVE-2012-5886)\n\n - tomcat: stale nonce weakness. (CVE-2012-5887)\n\n - tomcat: affected by slowloris DoS. (CVE-2012-5568)\n\n - tomcat: Bypass of security constraints. (CVE-2012-3546)\n\n - tomcat: bypass of CSRF prevention filter.\n (CVE-2012-4431)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=791679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=793394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=794548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4431.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-4534.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5568.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5886.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5887.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7208.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-admin-webapps-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-docs-webapp-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-javadoc-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-jsp-2_1-api-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-lib-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-servlet-2_5-api-6.0.18-20.35.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"tomcat6-webapps-6.0.18-20.35.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-25T09:49:58", "description": "It was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Scientific Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nTomcat must be restarted for this update to take effect.", "edition": 16, "published": "2013-03-13T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-03-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api"], "id": "SL_20130311_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65243", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65243);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130311)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Scientific Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=3589\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84cdcb1a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-25T09:14:39", "description": "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "edition": 25, "published": "2013-03-12T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2013:0623)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-03-12T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api"], "id": "REDHAT-RHSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/65201", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0623. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65201);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2013:0623)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5887\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:28:35", "description": "Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "edition": 27, "published": "2013-03-13T00:00:00", "title": "CentOS 6 : tomcat6 (CESA-2013:0623)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-03-13T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-webapps", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6"], "id": "CENTOS_RHSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/65225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0623 and \n# CentOS Errata and Security Advisory 2013:0623 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65225);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2013:0623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e545b75\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-25T08:55:43", "description": "From Red Hat Security Advisory 2013:0623 :\n\nUpdated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : tomcat6 (ELSA-2013-0623)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api"], "id": "ORACLELINUX_ELSA-2013-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/68786", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0623 and \n# Oracle Linux Security Advisory ELSA-2013-0623 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68786);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56812, 56813);\n script_xref(name:\"RHSA\", value:\"2013:0623\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2013-0623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0623 :\n\nUpdated tomcat6 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along\nwith another component that calls request.setUserPrincipal() before\nthe call to FormAuthenticator#authenticate() (such as the\nSingle-Sign-On valve), it was possible to bypass the security\nconstraint checks in the FORM authenticator by appending\n'/j_security_check' to the end of a URL. A remote attacker with an\nauthenticated session on an affected application could use this flaw\nto circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when\nusing the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote\nattacker could use this flaw to cause a denial of service (infinite\nloop). The HTTP blocking IO (BIO) connector, which is not vulnerable\nto this issue, is used by default in Red Hat Enterprise Linux 6.\n(CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003351.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-52.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-52.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:47:58", "description": "Two security issues have been found in the Tomcat servlet and JSP\nengine :\n\n - CVE-2012-3544\n The input filter for chunked transfer encodings could\n trigger high resource consumption through malformed CRLF\n sequences, resulting in denial of service.\n\n - CVE-2013-2067\n The FormAuthenticator module was vulnerable to session\n fixation.", "edition": 18, "published": "2013-07-19T00:00:00", "title": "Debian DSA-2725-1 : tomcat6 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "modified": "2013-07-19T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:tomcat6", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/68971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2725. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68971);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-2067\");\n script_bugtraq_id(59797, 59799);\n script_xref(name:\"DSA\", value:\"2725\");\n\n script_name(english:\"Debian DSA-2725-1 : tomcat6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security issues have been found in the Tomcat servlet and JSP\nengine :\n\n - CVE-2012-3544\n The input filter for chunked transfer encodings could\n trigger high resource consumption through malformed CRLF\n sequences, resulting in denial of service.\n\n - CVE-2013-2067\n The FormAuthenticator module was vulnerable to session\n fixation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-2067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-4534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2725\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat6 packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 6.0.35-1+squeeze3. This update also provides fixes\nfor CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534,\nCVE-2012-5885, CVE-2012-5886 and CVE-2012-5887, which were all fixed\nfor stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6.0.35-6+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-1+squeeze3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.35-6+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.35-6+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:14:40", "description": "Updated jbossweb packages for JBoss Enterprise Application Platform\n6.0.1 that fix multiple security issues are now available for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter in JBoss Web. A remote attacker could use this flaw\nto perform CSRF attacks against applications that rely on the CSRF\nprevention filter and do not contain internal mitigation for CSRF.\n(CVE-2012-4431)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed\napplications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.", "edition": 25, "published": "2013-03-15T00:00:00", "title": "RHEL 5 / 6 : jbossweb (RHSA-2013:0647)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-4431", "CVE-2012-5886", "CVE-2012-5885"], "modified": "2013-03-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:jbossweb-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:jbossweb"], "id": "REDHAT-RHSA-2013-0647.NASL", "href": "https://www.tenable.com/plugins/nessus/65562", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0647. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65562);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-4431\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_bugtraq_id(56403, 56814);\n script_xref(name:\"RHSA\", value:\"2013:0647\");\n\n script_name(english:\"RHEL 5 / 6 : jbossweb (RHSA-2013:0647)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated jbossweb packages for JBoss Enterprise Application Platform\n6.0.1 that fix multiple security issues are now available for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter in JBoss Web. A remote attacker could use this flaw\nto perform CSRF attacks against applications that rely on the CSRF\nprevention filter and do not contain internal mitigation for CSRF.\n(CVE-2012-4431)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to\nperform replay attacks in some circumstances. (CVE-2012-5885,\nCVE-2012-5886, CVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed\napplications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5887\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb and / or jbossweb-lib packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0647\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.0.17-4.Final_redhat_3.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-lib-7.0.17-4.Final_redhat_3.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.0.17-4.Final_redhat_3.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-lib-7.0.17-4.Final_redhat_3.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb / jbossweb-lib\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthese issues. Tomcat must be restarted for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2013-02-20T01:29:27", "id": "RHSA-2013:0266", "href": "https://access.redhat.com/errata/RHSA-2013:0266", "type": "redhat", "title": "(RHSA-2013:0266) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:34:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-4431", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter. A remote attacker could use this flaw to perform\nCSRF attacks against applications that rely on the CSRF prevention filter\nand do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nNIO connector is used by default in JBoss Enterprise Web Server. The Apache\nPortable Runtime (APR) connector from the Tomcat Native library was not\naffected by this flaw. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nA denial of service flaw was found in the way the Tomcat HTTP NIO connector\nenforced limits on the permitted size of request headers. A remote attacker\ncould use this flaw to trigger an OutOfMemoryError by sending a\nspecially-crafted request with very large headers. The HTTP NIO connector\nis used by default in JBoss Enterprise Web Server. The APR connector from\nthe Tomcat Native library was not affected by this flaw. (CVE-2012-2733)\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nAll users of JBoss Enterprise Web Server 2.0.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2018-06-07T02:42:48", "published": "2013-02-20T01:28:50", "id": "RHSA-2013:0265", "href": "https://access.redhat.com/errata/RHSA-2013:0265", "type": "redhat", "title": "(RHSA-2013:0265) Moderate: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3546", "CVE-2012-4534", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:31", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0623", "href": "https://access.redhat.com/errata/RHSA-2013:0623", "type": "redhat", "title": "(RHSA-2013:0623) Important: tomcat6 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:35:02", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter in JBoss Web. A remote attacker could use this flaw to\nperform CSRF attacks against applications that rely on the CSRF prevention\nfilter and do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", "modified": "2019-02-20T17:36:11", "published": "2013-03-14T20:39:33", "id": "RHSA-2013:0648", "href": "https://access.redhat.com/errata/RHSA-2013:0648", "type": "redhat", "title": "(RHSA-2013:0648) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nIt was found that sending a request without a session identifier to a\nprotected resource could bypass the Cross-Site Request Forgery (CSRF)\nprevention filter in JBoss Web. A remote attacker could use this flaw to\nperform CSRF attacks against applications that rely on the CSRF prevention\nfilter and do not contain internal mitigation for CSRF. (CVE-2012-4431)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:05", "published": "2013-03-14T04:00:00", "id": "RHSA-2013:0647", "href": "https://access.redhat.com/errata/RHSA-2013:0647", "type": "redhat", "title": "(RHSA-2013:0647) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3546", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "Apache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n", "modified": "2017-09-08T11:56:44", "published": "2013-03-12T04:00:00", "id": "RHSA-2013:0640", "href": "https://access.redhat.com/errata/RHSA-2013:0640", "type": "redhat", "title": "(RHSA-2013:0640) Important: tomcat5 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Web is a web container based on Apache Tomcat. It provides a single\ndeployment platform for the JavaServer Pages (JSP) and Java Servlet\ntechnologies.\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise\nLinux 4, 5, and 6 are advised to upgrade to these updated packages. The\nJBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:14", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0631", "href": "https://access.redhat.com/errata/RHSA-2013:0631", "type": "redhat", "title": "(RHSA-2013:0631) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:09", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to take\neffect.\n", "modified": "2018-06-07T02:37:43", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0629", "href": "https://access.redhat.com/errata/RHSA-2013:0629", "type": "redhat", "title": "(RHSA-2013:0629) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies.\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update.\n", "modified": "2018-06-07T02:37:45", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0632", "href": "https://access.redhat.com/errata/RHSA-2013:0632", "type": "redhat", "title": "(RHSA-2013:0632) Moderate: jbossweb security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3451", "CVE-2012-5633", "CVE-2012-5885", "CVE-2012-5886", "CVE-2012-5887"], "description": "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise SOA Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.\n", "modified": "2017-07-25T00:14:06", "published": "2013-04-09T04:00:00", "id": "RHSA-2013:0726", "href": "https://access.redhat.com/errata/RHSA-2013:0726", "type": "redhat", "title": "(RHSA-2013:0726) Important: JBoss Enterprise SOA Platform 5.3.1 update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:27:08", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0623\n\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nA flaw was found in the way Tomcat handled sendfile operations when using\nthe HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\ncould use this flaw to cause a denial of service (infinite loop). The HTTP\nblocking IO (BIO) connector, which is not vulnerable to this issue, is used\nby default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031678.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0623.html", "edition": 4, "modified": "2013-03-12T05:31:44", "published": "2013-03-12T05:31:44", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031678.html", "id": "CESA-2013:0623", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-20T18:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0640\n\n\nApache Tomcat is a servlet container.\n\nIt was found that when an application used FORM authentication, along with\nanother component that calls request.setUserPrincipal() before the call to\nFormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\npossible to bypass the security constraint checks in the FORM authenticator\nby appending \"/j_security_check\" to the end of a URL. A remote attacker\nwith an authenticated session on an affected application could use this\nflaw to circumvent authorization controls, and thereby access resources not\npermitted by the roles associated with their authenticated session.\n(CVE-2012-3546)\n\nMultiple weaknesses were found in the Tomcat DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nUsers of Tomcat should upgrade to these updated packages, which correct\nthese issues. Tomcat must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031683.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0640.html", "edition": 4, "modified": "2013-03-12T19:14:34", "published": "2013-03-12T19:14:34", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031683.html", "id": "CESA-2013:0640", "title": "tomcat5 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-03-14T18:59:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Oracle Linux Local Security Checks ELSA-2013-0623", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123666", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0623", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123666\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0623\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0623 - tomcat6 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0623\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0623.html\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:02:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:1361412562310881689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881689", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2013:0623 centos6", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881689\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:48 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2013:0623\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0623 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending _security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:02:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310870958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870958", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2013:0623-01", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00029.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870958\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:53:55 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2013:0623-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0623-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending /j_security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-26T11:10:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Check for the Version of tomcat6", "modified": "2018-01-25T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:870958", "href": "http://plugins.openvas.org/nasl.php?oid=870958", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2013:0623-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2013:0623-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending /j_security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00029.html\");\n script_id(870958);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:53:55 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0623-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0623-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-22T13:09:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Check for the Version of tomcat6", "modified": "2018-01-22T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:881689", "href": "http://plugins.openvas.org/nasl.php?oid=881689", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2013:0623 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2013:0623 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending _security_check to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n \n A flaw was found in the way Tomcat handled sendfile operations when using\n the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker\n could use this flaw to cause a denial of service (infinite loop). The HTTP\n blocking IO (BIO) connector, which is not vulnerable to this issue, is used\n by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)\n \n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019640.html\");\n script_id(881689);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:48 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-4534\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0623\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0623 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~52.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544 \nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067 \nThe FormAuthenticator module was vulnerable to session fixation.", "modified": "2017-07-07T00:00:00", "published": "2013-07-18T00:00:00", "id": "OPENVAS:892725", "href": "http://plugins.openvas.org/nasl.php?oid=892725", "type": "openvas", "title": "Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2725.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2725-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"tomcat6 on Debian Linux\";\ntag_insight = \"Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)\nspecifications from Sun Microsystems, and provides a 'pure Java' HTTP web\nserver environment for Java code to run.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for\nCVE-2012-2733,\nCVE-2012-3546,\nCVE-2012-4431,\nCVE-2012-4534,\nCVE-2012-5885,\nCVE-2012-5886 and\nCVE-2012-5887 \n,\nwhich were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\";\ntag_summary = \"Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544 \nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067 \nThe FormAuthenticator module was vulnerable to session fixation.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892725);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-4534\", \"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2012-5885\", \"CVE-2012-5887\", \"CVE-2012-4431\", \"CVE-2012-2733\", \"CVE-2012-5886\", \"CVE-2012-3546\");\n script_name(\"Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-18 00:00:00 +0200 (Thu, 18 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2725.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.4-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-extras\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067\nThe FormAuthenticator module was vulnerable to session fixation.", "modified": "2019-03-18T00:00:00", "published": "2013-07-18T00:00:00", "id": "OPENVAS:1361412562310892725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892725", "type": "openvas", "title": "Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2725.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2725-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892725\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-4534\", \"CVE-2012-3544\", \"CVE-2013-2067\", \"CVE-2012-5885\", \"CVE-2012-5887\", \"CVE-2012-4431\", \"CVE-2012-2733\", \"CVE-2012-5886\", \"CVE-2012-3546\");\n script_name(\"Debian Security Advisory DSA 2725-1 (tomcat6 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-18 00:00:00 +0200 (Thu, 18 Jul 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2725.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"tomcat6 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for\nCVE-2012-2733,\nCVE-2012-3546,\nCVE-2012-4431,\nCVE-2012-4534,\nCVE-2012-5885,\nCVE-2012-5886 and\nCVE-2012-5887\n,\nwhich were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\");\n script_tag(name:\"summary\", value:\"Two security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\nThe input filter for chunked transfer encodings could trigger high\nresource consumption through malformed CRLF sequences, resulting in\ndenial of service.\n\nCVE-2013-2067\nThe FormAuthenticator module was vulnerable to session fixation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-1+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.4-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-extras\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.35-6+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T19:00:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "Oracle Linux Local Security Checks ELSA-2013-0640", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123663", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0640", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123663\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0640\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0640 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0640\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0640.html\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.38.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T19:02:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:1361412562310881687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881687", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2013:0640 centos5", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019645.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881687\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:23 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2013:0640\");\n script_name(\"CentOS Update for tomcat5 CESA-2013:0640 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending '/j_security_check' to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n\n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n\n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-22T13:10:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "Check for the Version of tomcat5", "modified": "2018-01-22T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:881687", "href": "http://plugins.openvas.org/nasl.php?oid=881687", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2013:0640 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2013:0640 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container.\n\n It was found that when an application used FORM authentication, along with\n another component that calls request.setUserPrincipal() before the call to\n FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was\n possible to bypass the security constraint checks in the FORM authenticator\n by appending "/j_security_check" to the end of a URL. A remote attacker\n with an authenticated session on an affected application could use this\n flaw to circumvent authorization controls, and thereby access resources not\n permitted by the roles associated with their authenticated session.\n (CVE-2012-3546)\n \n Multiple weaknesses were found in the Tomcat DIGEST authentication\n implementation, effectively reducing the security normally provided by\n DIGEST authentication. A remote attacker could use these flaws to perform\n replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\n CVE-2012-5887)\n \n Users of Tomcat should upgrade to these updated packages, which correct\n these issues. Tomcat must be restarted for this update to take effect.\";\n\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019645.html\");\n script_id(881687);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 09:52:23 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2012-3546\", \"CVE-2012-5885\", \"CVE-2012-5886\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0640\");\n script_name(\"CentOS Update for tomcat5 CESA-2013:0640 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.38.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:12:32", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2725-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3544 CVE-2013-2067\n\nTwo security issues have been found in the Tomcat servlet and JSP engine:\n\nCVE-2012-3544\n\n The input filter for chunked transfer encodings could trigger high \n resource consumption through malformed CRLF sequences, resulting in \n denial of service.\n\nCVE-2013-2067\n\n The FormAuthenticator module was vulnerable to session fixation.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for \nCVE-2012-2733,CVE-2012-3546,CVE-2012-4431, CVE-2012-4534,CVE-2012-5885,\nCVE-2012-5886 and CVE-2012-5887, which were all fixed for stable already.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n\n\n", "edition": 4, "modified": "2013-07-18T17:59:18", "published": "2013-07-18T17:59:18", "id": "DEBIAN:DSA-2725-1:3350C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00134.html", "title": "[SECURITY] [DSA 2725-1] tomcat6 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3080", "CVE-2012-5887", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-3079", "CVE-2013-3107", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "a. vCenter Server AD anonymous LDAP binding credential by-pass \n \nvCenter Server when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name and a blank password may be successful even if a non-blank password is required for the account. \nThe issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP binding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by removing the possibility to authenticate using blank passwords. This change in the authentication mechanism is present regardless if anonymous binding is enabled or not. \n**Workaround** \nThe workaround is to discontinue the use of AD anonymous LDAP binding if it is enabled in your environment. AD anonymous LDAP binding is not enabled by default. The TechNet article listed in the references section explains how to check for anonymous binding (look for \"anonymous binding\" in the article: anonymous binding is enabled if the seventh bit of the dsHeuristics attribute is set to 2) \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3107 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2013-10-17T00:00:00", "published": "2013-04-25T00:00:00", "id": "VMSA-2013-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2013-0006.html", "title": "VMware security updates for vCenter Server", "type": "vmware", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T12:06:12", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.", "edition": 3, "cvss3": {}, "published": "2012-11-17T19:55:00", "title": "CVE-2012-5886", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5886"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.34", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:5.5.35", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-5886", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5886", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:12", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.", "edition": 3, "cvss3": {}, "published": "2012-11-17T19:55:00", "title": "CVE-2012-5887", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5887"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.34", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:5.5.35", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-5887", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5887", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:12", "description": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "edition": 3, "cvss3": {}, "published": "2012-11-17T19:55:00", "title": "CVE-2012-5885", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5885"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.34", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:5.5.35", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-5885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:09", "description": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-4534", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4534"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-4534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4534", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:04", "description": "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.", "edition": 3, "cvss3": {}, "published": "2012-11-16T21:55:00", "title": "CVE-2012-2733", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2733"], "modified": "2017-09-19T01:34:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-2733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2733", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:09", "description": "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-4431", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4431"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.30", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-4431", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4431", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.", "edition": 3, "cvss3": {}, "published": "2012-12-19T11:55:00", "title": "CVE-2012-3546", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3546"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:7.0.16", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:7.0.23", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.20", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:7.0.28", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.13", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.15", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:7.0.25", "cpe:/a:apache:tomcat:7.0.12", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:7.0.18", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.22", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.19", "cpe:/a:apache:tomcat:7.0.17", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:7.0.14", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:7.0.21", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2012-3546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3546", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:25", "description": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.", "edition": 5, "cvss3": {}, "published": "2012-01-14T21:55:00", "title": "CVE-2011-1184", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1184"], "modified": "2019-03-25T11:33:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:7.0.11", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.32", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.5.33", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.30", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:7.0.7", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:5.5.31", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:7.0.5", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:7.0.9", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:7.0.8", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:7.0.6", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:7.0.10", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2011-1184", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1184", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2012-2733", "CVE-2012-5886", "CVE-2012-5885"], "description": "It was discovered that the Apache Tomcat HTTP NIO connector incorrectly \nhandled header data. A remote attacker could cause a denial of service by \nsending requests with a large amount of header data. (CVE-2012-2733)\n\nIt was discovered that Apache Tomcat incorrectly handled DIGEST \nauthentication. A remote attacker could possibly use these flaws to perform \na replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886, \nCVE-2012-5887)", "edition": 5, "modified": "2012-11-21T00:00:00", "published": "2012-11-21T00:00:00", "id": "USN-1637-1", "href": "https://ubuntu.com/security/notices/USN-1637-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "It was discovered that Tomcat incorrectly performed certain security \nconstraint checks in the FORM authenticator. A remote attacker could \npossibly use this flaw with a specially-crafted URI to bypass security \nconstraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 \nand Ubuntu 12.04 LTS. (CVE-2012-3546)\n\nIt was discovered that Tomcat incorrectly handled requests that lack a \nsession identifier. A remote attacker could possibly use this flaw to \nbypass the cross-site request forgery protection. (CVE-2012-4431)\n\nIt was discovered that Tomcat incorrectly handled sendfile and HTTPS when \nthe NIO connector is used. A remote attacker could use this flaw to cause \nTomcat to stop responsing, resulting in a denial of service. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. \n(CVE-2012-4534)", "edition": 5, "modified": "2013-01-14T00:00:00", "published": "2013-01-14T00:00:00", "id": "USN-1685-1", "href": "https://ubuntu.com/security/notices/USN-1685-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-5887", "CVE-2012-2733", "CVE-2012-5886", "CVE-2012-5885"], "description": "Authentication bypass and replay attacks on Digest authentication, DoS.", "edition": 1, "modified": "2012-11-26T00:00:00", "published": "2012-11-26T00:00:00", "id": "SECURITYVULNS:VULN:12725", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12725", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-2733", "CVE-2012-5886", "CVE-2012-5885"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1637-1\r\nNovember 21, 2012\r\n\r\ntomcat6 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Apache Tomcat.\r\n\r\nSoftware Description:\r\n- tomcat6: Servlet and JSP engine\r\n\r\nDetails:\r\n\r\nIt was discovered that the Apache Tomcat HTTP NIO connector incorrectly\r\nhandled header data. A remote attacker could cause a denial of service by\r\nsending requests with a large amount of header data. (CVE-2012-2733)\r\n\r\nIt was discovered that Apache Tomcat incorrectly handled DIGEST\r\nauthentication. A remote attacker could possibly use these flaws to perform\r\na replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886,\r\nCVE-2012-5887)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libtomcat6-java 6.0.35-1ubuntu3.1\r\n\r\nUbuntu 11.10:\r\n libtomcat6-java 6.0.32-5ubuntu1.3\r\n\r\nUbuntu 10.04 LTS:\r\n libtomcat6-java 6.0.24-2ubuntu1.11\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1637-1\r\n CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886,\r\n CVE-2012-5887\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.32-5ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.11\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-11-26T00:00:00", "published": "2012-11-26T00:00:00", "id": "SECURITYVULNS:DOC:28773", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28773", "title": "[USN-1637-1] Tomcat vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": "Protection bypass, DoS.", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:VULN:12747", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12747", "title": "Apache Tomcat multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4534"], "description": "\r\n\r\nCVE-2012-4534 Apache Tomcat denial of service\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- Tomcat 7.0.0 to 7.0.27\r\n- Tomcat 6.0.0 to 6.0.35\r\n\r\nDescription:\r\nWhen using the NIO connector with sendfile and HTTPS enabled, if a\r\nclient breaks the connection while reading the response an infinite loop\r\nis entered leading to a denial of service. This was originally reported\r\nas https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- Tomcat 7.0.x users should upgrade to 7.0.28 or later\r\n- Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThe security implications of this bug were identified by Arun Neelicattu\r\nof the Red Hat Security Response Team.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28802", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28802", "title": "CVE-2012-4534 Apache Tomcat denial of service", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4431"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.31\r\n- - Tomcat 6.0.0 to 6.0.35\r\n\r\nDescription:\r\nThe CSRF prevention filter could be bypassed if a request was made to a\r\nprotected resource without a session identifier present in the request.\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.32 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThis issue was identified by The Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with undefined - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJQvlNvAAoJEBDAHFovYFnnY80QAMvP1gIpG00vfIdiFabpJX55\r\nUEmkPuTSefxZ6NMvAL8GkuUe8CoC6KinCgOx+s8eGlEiHtWFoYvM/Ckg8E3a8SY6\r\nMfD8GLo2av/LdULGSCBrbaL2wFbgixPTBpgR9YS4bdpTK5nVqBZyZOjOzptqRDnE\r\nBQXDLLKa65/z7cF57l+XcLs1+JW3KJGRiGJzBNUrJK1x/AzfgRgk4jgvYdyDWdpI\r\nzuXKgwBbunblPL4sZhZA2mhoswBIMIJIaHXOAD28Ddt9IIae0UFptY6LmExOkSsa\r\nPtshA4EBlO8JTPPcfwtqA/bkHAWCzB1QshkYD57rLF3t1ouDQWI6j8l+q3AYIxzv\r\na0Ix4qzE2hekcjGSCUMZUqNgcaGSjsggaOEo5zauM01osPQxbfpH41eH5fIWlMKi\r\nvrxRjYJwLyLdkj3bZFuP7Uq1GL4BLjeKDfqsL4aqcfdBPZea6C9rToEkB8EjD4vf\r\nDVdrX4Ivg3ImMMnL+gkX4+5aLp+jpw23G9gZbX1DJn+648iv3yFoK5ysOWy1GAAO\r\nx1Iq3pa49NigJ0ipjZvxc07THIoiK/t49/3fWzMR1Xm819oJC2/Qf512l/FpEltK\r\nkQ0y8BC4+7ypUZyhtwE3jzLW1x2j4ZBK8l1nX0X92WepJ6piro/7o80qiyDMfqPC\r\nhbmBu213eSXnV9kRHveI\r\n=jich\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28804", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28804", "title": "CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-3546"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2012-3546 Apache Tomcat Bypass of security constraints\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.29\r\n- - Tomcat 6.0.0 to 6.0.35\r\nEarlier unsupported versions may also be affected\r\n\r\nDescription:\r\nWhen using FORM authentication it was possible to bypass the security\r\nconstraint checks in the FORM authenticator by appending\r\n"/j_security_check" to the end of the URL if some other component (such\r\nas the Single-Sign-On valve) had called request.setUserPrincipal()\r\nbefore the call to FormAuthenticator#authenticate().\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations:\r\n- - Tomcat 7.0.x users should upgrade to 7.0.30 or later\r\n- - Tomcat 6.0.x users should upgrade to 6.0.36 or later\r\n\r\nCredit:\r\nThis issue was identified by The Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with undefined - http://www.enigmail.net/\r\n\r\niQIcBAEBAgAGBQJQvlNnAAoJEBDAHFovYFnnsJoP/i6/NEKy6+tAcMZ0vKV5CGci\r\n2Epf7NbfWHZhyYZlI445kHoCGQAvMaD0pXlLBUTlzVd2N9Jugk1j2WNPzvOlsaZ0\r\njx3qeuvNhVZzAa2LIDVSj8ENVNYMiA/S4reZu2u9lHqw5tTP5fapJXDNphSnr0kR\r\nA662JdkQlirQtFylkvqFdMoZ3N/vEPwzD8Cs80fafEhEqcoOtrO6yOyaR/kwEFeI\r\n5cxbm/om4+T9cVkRduGqhzLRBWnDiCeBguXiUJXDQorOWmzHq438cNd4ylfFRa1W\r\nRBsin8aVY6LMIUqdWWqUnG8SPI7qp7odMRzhI1yLw+y4ykrV5coKeTvalIsh+3ZE\r\nFWP7kYmrOYS8NToq56Fxn8bYAuAsJiOsVZ4ox0ozR9HQCEqLEpXTa31hEowUBtig\r\nLO0HRgQIeh4rdgxxR2V46JiRw8URNfGevKrhez5B8UAb8hj02SM/3hyg3S3pL2Jn\r\nfl0vLnf1+DACd0mUuGmSQNLx5VznW6fkYHZWgmV3SigaroKL4+BbqCO7WvuNs9aA\r\nY8dYt08IgF0O/Kt1vQdks31KEDIqHJOtrZBCySdvVLGz1x+MxluWssZGQELCcj0v\r\nByfH80yh/uIU2Zk9QTaJlEkuODyWTYxmYRk34R3/zZ57za+NQLlpe0cfBRy33wjt\r\nVCfhXK6n3npDlmhpeBDw\r\n=pOlX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-12-07T00:00:00", "published": "2012-12-07T00:00:00", "id": "SECURITYVULNS:DOC:28803", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28803", "title": "CVE-2012-3546 Apache Tomcat Bypass of security constraints", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-1184"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST\r\nauthentication\r\n\r\nSeverity: Moderate\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.11\r\n- - Tomcat 6.0.0 to 6.0.32\r\n- - Tomcat 5.5.0 to 5.5.33\r\n- - Earlier, unsupported versions may also be affected\r\n\r\nDescription:\r\nThe implementation of HTTP DIGEST authentication was discovered to\r\nhave several weaknesses:\r\n- - replay attacks were permitted\r\n- - server nonces were not checked\r\n- - client nonce counts were not checked\r\n- - qop values were not checked\r\n- - realm values were not checked\r\n- - the server secret was hard-coded to a known string\r\nThe result of these weaknesses is that DIGEST authentication was only\r\nas secure as BASIC authentication.\r\n\r\nMitigation:\r\nUsers of Tomcat 7.0.x should upgrade to 7.0.12 or later\r\nUsers of Tomcat 6.0.x should upgrade to 6.0.33 or later\r\nUsers of Tomcat 5.5.x should upgrade to 5.5.34 or later\r\n\r\nCredit:\r\nThis issue was identified by the Apache Tomcat security team\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJOgF0tAAoJEBDAHFovYFnnv70QALdoVwivDt9bXBEpMgjJ0/NY\r\nkadCFsA/X+O8TEKTRx/85B54Spgv8dGJFiPMettdbfjFuq7ADsRiAbxsZQ3dEIfJ\r\nesrWfPJRTpXhjKU1OOLmoDvoueAD0pD7/qvl8o9bFowxGXLWqvO/elFe+4AH2YjZ\r\nux9tWOlWn46Q7ffaNOzRebjPVIQ3ebB+FH9ToZAdNfFFIZbtxYRMV02wRfHWq+fU\r\nkTJ+hKF0XOpzyIut3zkmE00ZuvGAPLdnZcMKq9m/X/dt/niP2nT8H28Xx1Zu8sW+\r\nCUE7CRse4pI6fGuXVrOAk1akyN/hkiSPxDNsDnHxALTNmjr1Z+DAs7QT5IKc3EDv\r\nNeSXAnxKfIJ83jcjam1bEf38UN1uYatP/u6XJCVpnOr0UjJ9wtO+QgSV/93eiyD7\r\nYCpVcmKay/jvWmLPp7MRB+h6FGhJNw5OA5k7IWJePBXC39p6tpac3vsOKx1OGU38\r\nQKUglIro/TtZo7gmfeG8lD3lI493l25+3E/vBiSrbfSHua3bmyFQikQMhy2ZPYIt\r\n4wEfdaW4hUBJHpxkDaotuTTN8ATzQLtDNTGei2u76ZXQiOjTLUDGam++6fR+kfZU\r\ngloAy8ZIS702hoXg/ypFPtcyIx435dOgxtGIbOedmDUsy1ErGTCAksrOyn2yZl3v\r\n+Ew0bAULNmXwKQeMyDj0\r\n=u/Ai\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-09-26T00:00:00", "published": "2011-09-26T00:00:00", "id": "SECURITYVULNS:DOC:27069", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27069", "title": "[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-4534", "CVE-2012-5885"], "description": "[0:6.0.24-52]\n- Related: rhbz 882010 rhbz 883692 rhbz 883705\n- Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate\n- to avoid building on ppc64, ppc, and x390x.\n[0:6.0.24-50]\n- Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887\n- three DIGEST authentication issues\n- Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using\n- SSL NIO sendfile\n- Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints", "edition": 4, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "ELSA-2013-0623", "href": "http://linux.oracle.com/errata/ELSA-2013-0623.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3439", "CVE-2012-5887", "CVE-2012-3546", "CVE-2012-5886", "CVE-2012-5885"], "description": "[0:5.5.23-0jpp.38]\n- Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication\n- implementation\n- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.\n- Remove unneeded handling of FORM authentication in RealmBase", "edition": 4, "modified": "2013-03-12T00:00:00", "published": "2013-03-12T00:00:00", "id": "ELSA-2013-0640", "href": "http://linux.oracle.com/errata/ELSA-2013-0640.html", "title": "tomcat5 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2733", "CVE-2012-3439", "CVE-2012-3546", "CVE-2012-4431", "CVE-2012-4534"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2012-12-19T08:29:53", "published": "2012-12-19T08:29:53", "id": "FEDORA:7E5312097C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "thn": [{"lastseen": "2017-01-08T18:01:28", "bulletinFamily": "info", "cvelist": ["CVE-2012-4431", "CVE-2012-3546", "CVE-2012-4534"], "description": " \n\n\nSome critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x .\n\n \n\n\n**Apache Tomcat vulnerabilities**\n\n * [CVE-2012-4534](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE535A.9000600@apache.org%3E>) Apache Tomcat denial of service\n * [CVE-2012-3546](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE5367.6090809@apache.org%3E>) Apache Tomcat Bypass of security constraints\n * [CVE-2012-4431](<https://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE536F.6000705@apache.org%3E>) Apache Tomcat Bypass of CSRF prevention filter\n\n \n\n\n[](<http://4.bp.blogspot.com/-0qdwDlCWUCs/UL-H7JHOG1I/AAAAAAAAOhg/7BPoAXuqTh0/s1600/apache-tomcat-7.png>)\n\n \n\n\nAccording to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.\n\n \n\n\nCVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.\n\n \n\n\nWhereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.\n\n \n\n\nIf you are affected, Please update your Tomcat to a fixed version i.e \n\n * Tomcat 7.x: Update to version 7.0.32.\n * Tomcat 6.x: Update to version 6.0.36.\n", "modified": "2012-12-05T17:47:59", "published": "2012-12-05T06:45:00", "id": "THN:109F3CE2A5819B3E1345F63EBB346D6C", "href": "http://thehackernews.com/2012/12/apache-tomcat-multiple-critical.html", "type": "thn", "title": "Apache Tomcat Multiple Critical Vulnerabilities", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3544", "CVE-2013-2071", "CVE-2012-5887", "CVE-2014-0099", "CVE-2014-0119", "CVE-2013-4322", "CVE-2012-4431", "CVE-2012-2733", "CVE-2014-0050", "CVE-2013-2067", "CVE-2013-4286", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0075", "CVE-2012-3546", "CVE-2012-5886", "CVE-2014-0033", "CVE-2012-4534", "CVE-2012-5885"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition as well as obtain sensitive information, bypass protection mechanisms and authentication restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.41\"\n \n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.56\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2014-12-15T00:00:00", "id": "GLSA-201412-29", "href": "https://security.gentoo.org/glsa/201412-29", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "atlassian": [{"lastseen": "2017-04-02T10:17:25", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "edition": 2, "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Server*. Using *Confluence Cloud*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-04-02T08:19:27", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONFSERVER-29345", "id": "ATLASSIAN:CONFSERVER-29345", "type": "atlassian", "title": "Upgrade bundled Tomcat to 6.0.37", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-03-22T18:16:54", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "edition": 1, "description": "Customer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "modified": "2017-02-17T05:47:48", "published": "2013-05-21T00:23:31", "href": "https://jira.atlassian.com/browse/CONF-29345", "id": "ATLASSIAN:CONF-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T17:29:02", "bulletinFamily": "software", "cvelist": ["CVE-2012-3544", "CVE-2012-3439", "CVE-2012-2071", "CVE-2013-2071", "CVE-2012-4431", "CVE-2012-2733", "CVE-2013-2067", "CVE-2012-3546", "CVE-2012-4534"], "description": "{panel:bgColor=#e7f4fa}\n *NOTE:* This suggestion is for *Confluence Cloud*. Using *Confluence Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29345].\n {panel}\n\nCustomer related a security flaw in Tomcat 6.0.35 and requests that we upgrade the bundled version.", "edition": 4, "modified": "2017-04-02T08:19:29", "published": "2013-05-21T00:23:31", "id": "ATLASSIAN:CONFCLOUD-29345", "href": "https://jira.atlassian.com/browse/CONFCLOUD-29345", "title": "Upgrade bundled Tomcat to 6.0.37", "type": "atlassian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4431"], "description": "\nThe Apache Software Foundation reports:\n\nThe CSRF prevention filter could be bypassed if a request was made to a\n\t protected resource without a session identifier present in the request.\n\n", "edition": 5, "modified": "2017-03-18T00:00:00", "published": "2012-12-04T00:00:00", "id": "953911FE-51EF-11E2-8E34-0022156E8794", "href": "https://vuxml.freebsd.org/freebsd/953911fe-51ef-11e2-8e34-0022156e8794.html", "title": "tomcat -- bypass of CSRF prevention filter", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:48:22", "description": "BUGTRAQ ID: 56814\r\nCVE(CAN) ID: CVE-2012-4431\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nTomcat v7.0.31\u30016.0.35\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u67d0\u4e9b\u64cd\u4f5c\uff0c\u8bbf\u95ee\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u3002\n0\nApache Group Tomcat 7.0.0 - 7.0.29\r\nApache Group Tomcat 6.0.0 - 6.0.35\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\u66f4\u9ad8\u7248\u672c\u3002\r\n\r\n\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html", "published": "2012-12-07T00:00:00", "title": "Apache Tomcat \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-4431"], "modified": "2012-12-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60497", "id": "SSV:60497", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}]}
