Lucene search

K
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_4_TOMCAT6-120207.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : tomcat6 (openSUSE-SU-2012:0208-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

69.6%

This update fixes a regression in parameter passing (in urldecoding of parameters that contain spaces).

In addition, multiple weaknesses in HTTP DIGESTS are fixed (CVE-2011-1184).

CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

CVE-2011-5063: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.

CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update tomcat6-5765.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76037);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2011-1184", "CVE-2011-5062", "CVE-2011-5063", "CVE-2011-5064");

  script_name(english:"openSUSE Security Update : tomcat6 (openSUSE-SU-2012:0208-1)");
  script_summary(english:"Check for the tomcat6-5765 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes a regression in parameter passing (in urldecoding of
parameters that contain spaces).

In addition, multiple weaknesses in HTTP DIGESTS are fixed
(CVE-2011-1184).

CVE-2011-5062: The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before
7.0.12 does not check qop values, which might allow remote attackers
to bypass intended integrity-protection requirements via a qop=auth
value, a different vulnerability than CVE-2011-1184.

CVE-2011-5063: The HTTP Digest Access Authentication implementation in
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before
7.0.12 does not check realm values, which might allow remote attackers
to bypass intended access restrictions by leveraging the availability
of a protection space with weaker authentication or authorization
requirements, a different vulnerability than CVE-2011-1184.

CVE-2011-5064: DigestAuthenticator.java in the HTTP Digest Access
Authentication implementation in Apache Tomcat 5.5.x before 5.5.34,
6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the
hard-coded server secret (aka private key), which makes it easier for
remote attackers to bypass cryptographic protection mechanisms by
leveraging knowledge of this string, a different vulnerability than
CVE-2011-1184."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=742477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-02/msg00011.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tomcat6 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);



flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-admin-webapps-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-docs-webapp-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-el-1_0-api-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-javadoc-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-jsp-2_1-api-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-lib-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-servlet-2_5-api-6.0.32-7.14.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"tomcat6-webapps-6.0.32-7.14.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tomcat6");
}

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

69.6%