Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_0_TOMCAT6-080821.NASL
HistoryJul 21, 2009 - 12:00 a.m.

openSUSE Security Update : tomcat6 (tomcat6-161)

2009-07-2100:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
JSON

This update of tomcat fixes another directory traversal bug which occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update tomcat6-161.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40143);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-2938");

  script_name(english:"openSUSE Security Update : tomcat6 (tomcat6-161)");
  script_summary(english:"Check for the tomcat6-161 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of tomcat fixes another directory traversal bug which
occurs when allowLinking and UTF-8 are enabled. (CVE-2008-2938)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=417217"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tomcat6 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-admin-webapps-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-docs-webapp-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-javadoc-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-jsp-2_1-api-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-lib-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-servlet-2_5-api-6.0.16-6.4") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"tomcat6-webapps-6.0.16-6.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
}
VendorProductVersionCPE
novellopensusetomcat6p-cpe:/a:novell:opensuse:tomcat6
novellopensusetomcat6-admin-webappsp-cpe:/a:novell:opensuse:tomcat6-admin-webapps
novellopensusetomcat6-docs-webappp-cpe:/a:novell:opensuse:tomcat6-docs-webapp
novellopensusetomcat6-javadocp-cpe:/a:novell:opensuse:tomcat6-javadoc
novellopensusetomcat6-jsp-2_1-apip-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api
novellopensusetomcat6-libp-cpe:/a:novell:opensuse:tomcat6-lib
novellopensusetomcat6-servlet-2_5-apip-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api
novellopensusetomcat6-webappsp-cpe:/a:novell:opensuse:tomcat6-webapps
novellopensuse11.0cpe:/o:novell:opensuse:11.0

Related

packetstorm 4
openvas 27
seebug 6
dsquare 1
securityvulns 7
exploitpack 2
nessus 17
cert 1
checkpoint_advisories 2
d2 1
veracode 1
exploitdb 2
ubuntucve 1
osv 1
cve 1
prion 1
github 1
redhat 5
centos 1
atlassian 2
fedora 3
oraclelinux 1
packetstorm
packetstorm
tomcat-traverse.txt
2008-08-13 00:00:00
Oracle Containers For Java Traversal
2009-01-21 00:00:00
Apache Tomcat UTF-8 Directory Traversal
2010-07-28 00:00:00
openvas
openvas
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
SLES9: Security update for Tomcat
2009-10-10 00:00:00
seebug
seebug
apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
2014-07-01 00:00:00
Apache Tomcat &lt;= 6.0.18 UTF8 Directory Traversal Vulnerability
2008-08-11 00:00:00
Apache Tomcat UTF-8目录遍历漏洞
2008-08-12 00:00:00
dsquare
dsquare
Apache Tomcat File Disclosure
2012-02-01 00:00:00
securityvulns
securityvulns
[Full-disclosure] Oracle Containers For Java Directory Traversal &#40;OC4J&#41; Oracle Application Server 10g &#40;10.1.3.1.0&#41; Oracle HTTP Server
2009-01-20 00:00:00
Apache Tomcat &lt;= 6.0.18 UTF8 Directory Traversal Vulnerability
2008-08-12 00:00:00
[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated
2008-09-10 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.18 - utf8 Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
nessus
nessus
openSUSE 10 Security Update : tomcat5 (tomcat5-5542)
2008-09-10 00:00:00
openSUSE 10 Security Update : tomcat55 (tomcat55-5547)
2008-09-11 00:00:00
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5539)
2008-09-10 00:00:00
cert
cert
Apache Tomcat UTF8 Directory Traversal Vulnerability
2008-08-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache Tomcat allowLinking URIencoding Directory Traversal Vulnerability
2008-08-19 00:00:00
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
2009-11-01 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_TOMCAT_UTF8
2008-08-13 00:41:00
veracode
veracode
Directory Traversal
2018-11-09 01:31:46
exploitdb
exploitdb
Apache Tomcat &lt; 6.0.18 - &#039;utf8&#039; Directory Traversal (PoC)
2008-08-11 00:00:00
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2008-2938
2008-08-13 00:00:00
osv
osv
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
cve
cve
CVE-2008-2938
2008-08-13 00:41:00
prion
prion
Directory traversal
2008-08-13 00:41:00
github
github
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
centos
centos
tomcat5 security update
2008-08-28 22:01:41
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
JSON
Related for SUSE_11_0_TOMCAT6-080821.NASL
packetstorm4openvas27seebug6dsquare1securityvulns7exploitpack2nessus17cert1checkpoint_advisories2d21veracode1exploitdb2ubuntucve1osv1cve1prion1github1redhat5centos1atlassian2fedora3oraclelinux1