Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_11_1_TOMCAT6-100211.NASL
HistoryApr 09, 2010 - 12:00 a.m.

openSUSE Security Update : tomcat6 (tomcat6-2000)

2010-04-0900:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
15
JSON

This update of tomcat5/6 fixes :

  • CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:
    CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file.

  • CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy is enabled the autodeployment process deployed appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

  • CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the RequestDispatcher method, i was possible for remote attackers to bypass intended access restrictions and conduct directory traversal attacks.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update tomcat6-2000.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(45462);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-5515", "CVE-2009-2693", "CVE-2009-2901", "CVE-2009-2902");

  script_name(english:"openSUSE Security Update : tomcat6 (tomcat6-2000)");
  script_summary(english:"Check for the tomcat6-2000 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of tomcat5/6 fixes :

  - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902:
    CVSS v2 Base Score: 4.3 Directory traversal
    vulnerability allowed remote attackers to create or
    overwrite arbitrary files/dirs with a specially crafted
    WAR file.

  - CVE-2009-2901: CVSS v2 Base Score: 4.3 When autoDeploy
    is enabled the autodeployment process deployed appBase
    files that remain from a failed undeploy, which might
    allow remote attackers to bypass intended authentication
    requirements via HTTP requests.

  - CVE-2008-5515: CVSS v2 Base Score: 5.0 When using the
    RequestDispatcher method, i was possible for remote
    attackers to bypass intended access restrictions and
    conduct directory traversal attacks."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=575083"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tomcat6 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_cwe_id(22, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-admin-webapps-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-docs-webapp-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-javadoc-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-jsp-2_1-api-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-lib-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-servlet-2_5-api-6.0.18-16.3.4") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"tomcat6-webapps-6.0.18-16.3.4") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat");
}
VendorProductVersionCPE
novellopensusetomcat6p-cpe:/a:novell:opensuse:tomcat6
novellopensusetomcat6-admin-webappsp-cpe:/a:novell:opensuse:tomcat6-admin-webapps
novellopensusetomcat6-docs-webappp-cpe:/a:novell:opensuse:tomcat6-docs-webapp
novellopensusetomcat6-javadocp-cpe:/a:novell:opensuse:tomcat6-javadoc
novellopensusetomcat6-jsp-2_1-apip-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api
novellopensusetomcat6-libp-cpe:/a:novell:opensuse:tomcat6-lib
novellopensusetomcat6-servlet-2_5-apip-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api
novellopensusetomcat6-webappsp-cpe:/a:novell:opensuse:tomcat6-webapps
novellopensuse11.1cpe:/o:novell:opensuse:11.1

Related

nessus 50
openvas 59
ubuntu 2
securityvulns 8
tomcat 5
redhat 11
oraclelinux 2
debian 1
ubuntucve 4
veracode 4
osv 4
github 4
centos 2
prion 4
cve 4
packetstorm 1
jvn 1
fedora 3
gentoo 1
threatpost 1
ibm 1
vmware 2
nessus
nessus
SuSE9 Security Update : Tomcat (YOU Patch Number 12585)
2010-04-09 00:00:00
openSUSE Security Update : tomcat6 (tomcat6-2000)
2010-04-09 00:00:00
openSUSE Security Update : tomcat6 (tomcat6-2000)
2010-04-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-899-1)
2010-02-15 00:00:00
Ubuntu Update for tomcat6 vulnerabilities USN-899-1
2010-02-15 00:00:00
Apache Tomcat Multiple Vulnerabilities (Jan 2010)
2010-01-28 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2010-02-11 00:00:00
Tomcat vulnerabilities
2009-06-15 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy
2010-01-26 00:00:00
Apache Tomcat multiple security vulnerabilities
2010-01-26 00:00:00
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)
2010-05-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.29
2010-04-20 00:00:00
Fixed in Apache Tomcat 6.0.24
2010-01-21 00:00:00
Fixed in Apache Tomcat 6.0.20
2009-06-03 00:00:00
redhat
redhat
(RHSA-2010:0582) Important: tomcat5 security update
2010-08-02 00:00:00
(RHSA-2010:0119) Low: JBoss Enterprise Web Server 1.0.1 update
2010-02-23 00:00:00
(RHSA-2010:0580) Important: tomcat5 security update
2010-08-02 00:00:00
oraclelinux
oraclelinux
tomcat5 security update
2010-08-02 00:00:00
tomcat security update
2009-07-21 00:00:00
debian
debian
[SECURITY] [DSA 2207-1] tomcat5.5 security update
2011-03-29 22:35:34
ubuntucve
ubuntucve
CVE-2009-2902
2010-01-28 00:00:00
CVE-2009-2693
2010-01-28 00:00:00
CVE-2009-2901
2010-01-28 00:00:00
veracode
veracode
Directory Traversal
2018-11-09 01:47:07
Directory Traversal
2018-11-09 02:57:46
Arbitrary File Overwrite
2018-11-09 02:39:18
osv
osv
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
2022-05-02 03:39:48
Improper Authentication in Apache Tomcat
2022-05-02 03:39:47
Apache Tomcat Directory Traversal vulnerability
2022-05-02 03:37:48
github
github
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
2022-05-02 03:39:48
Apache Tomcat Directory Traversal vulnerability
2022-05-02 03:37:48
Improper Authentication in Apache Tomcat
2022-05-02 03:39:47
centos
centos
tomcat5 security update
2010-08-03 00:39:04
tomcat5 security update
2009-07-29 17:30:22
prion
prion
Directory traversal
2010-01-28 20:30:00
Authentication flaw
2010-01-28 20:30:00
Directory traversal
2010-01-28 20:30:00
cve
cve
CVE-2009-2902
2010-01-28 20:30:00
CVE-2009-2901
2010-01-28 20:30:00
CVE-2009-2693
2010-01-28 20:30:00
packetstorm
packetstorm
Apache Tomcat Information Disclosure
2009-06-09 00:00:00
jvn
jvn
JVN#63832775: Apache Tomcat information disclosure vulnerability
2009-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: tomcat6-6.0.20-1.fc11
2009-11-27 21:36:22
[SECURITY] Fedora 10 Update: tomcat6-6.0.20-1.fc10
2009-11-27 21:56:48
[SECURITY] Fedora 12 Update: tomcat6-6.0.20-1.fc12
2009-11-27 21:50:49
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22
vmware
vmware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
JSON
Related for SUSE_11_1_TOMCAT6-100211.NASL
nessus50openvas59ubuntu2securityvulns8tomcat5redhat11oraclelinux2debian1ubuntucve4veracode4osv4github4centos2prion4cve4packetstorm1jvn1fedora3gentoo1threatpost1ibm1vmware2