Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_TOMCAT6-130802.NASL
HistoryAug 23, 2013 - 12:00 a.m.

SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)

2013-08-2300:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

This update of tomcat6 fixes :

  • apache-tomcat-CVE-2012-3544.patch. (bnc#831119)

  • use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976)

  • Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407)

  • fix a typo in initscript. (bnc#768772)

  • copy all shell scripts (bnc#818948)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69458);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-0022", "CVE-2012-3544", "CVE-2013-1976");

  script_name(english:"SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of tomcat6 fixes :

  - apache-tomcat-CVE-2012-3544.patch. (bnc#831119)

  - use chown --no-dereference to prevent symlink attacks on
    log (bnc#822177#c7/prevents CVE-2013-1976)

  - Fix tomcat init scripts generating malformed classpath (
    http://youtrack.jetbrains.com/issue/JT-18545 )
    bnc#804992 (patch from m407)

  - fix a typo in initscript. (bnc#768772)

  - copy all shell scripts (bnc#818948)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=768772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=804992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=822177"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=831119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-0022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1976.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Apply SAT patch number 8155 / 8156 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);


flag = 0;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-admin-webapps-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-docs-webapp-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-javadoc-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-jsp-2_1-api-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-lib-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-servlet-2_5-api-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"tomcat6-webapps-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-admin-webapps-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-docs-webapp-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-javadoc-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-jsp-2_1-api-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-lib-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-servlet-2_5-api-6.0.18-20.35.42.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"tomcat6-webapps-6.0.18-20.35.42.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-lib
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:tomcat6-webapps
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

openvas 50
nessus 62
mageia 1
redhat 20
oraclelinux 4
debiancve 4
centos 5
seebug 3
veracode 1
tomcat 8
freebsd 1
prion 5
amazon 2
ubuntucve 5
cve 5
checkpoint_advisories 1
securityvulns 4
f5 1
osv 3
github 2
ubuntu 2
atlassian 6
ibm 3
debian 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1374-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2014-0082)
2022-01-28 00:00:00
CentOS Update for tomcat5 CESA-2013:0870 centos5
2013-05-31 00:00:00
nessus
nessus
openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : tomcat6 (MDVSA-2014:042)
2014-02-20 00:00:00
RHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872)
2013-05-30 00:00:00
mageia
mageia
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
redhat
redhat
(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update
2012-10-03 15:08:03
(RHSA-2013:0871) Important: tomcat6 and tomcat7 security update
2013-05-28 17:26:19
(RHSA-2013:0870) Important: tomcat5 security update
2013-05-28 00:00:00
oraclelinux
oraclelinux
tomcat5 security update
2013-05-28 00:00:00
tomcat6 security update
2012-04-11 00:00:00
tomcat6 security update
2013-05-28 00:00:00
debiancve
debiancve
CVE-2013-1976
2013-07-09 17:55:00
CVE-2012-3544
2013-06-01 14:21:00
CVE-2012-0022
2012-01-19 04:01:00
centos
centos
tomcat5 security update
2013-05-28 18:47:52
tomcat6 security update
2012-04-11 20:13:41
tomcat5 security update
2012-04-11 19:16:37
seebug
seebug
Apache Tomcat 不安全临时文件处理漏洞(CVE-2013-1976)
2013-05-30 00:00:00
Apache Tomcat Large Number Denial Of Service
2012-01-18 00:00:00
Apache Tomcat 不完整修复拒绝服务漏洞
2014-02-27 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 08:53:56
tomcat
tomcat
Fixed in Apache Tomcat 7.0.23
2011-11-25 00:00:00
Fixed in Apache Tomcat 5.5.35
2012-01-16 00:00:00
Fixed in Apache Tomcat 6.0.37
2013-05-03 00:00:00
freebsd
freebsd
tomcat -- Denial of Service
2011-10-21 00:00:00
prion
prion
Input validation
2013-07-09 17:55:00
Code injection
2013-06-01 14:21:00
Design/Logic Flaw
2012-01-19 04:01:00
amazon
amazon
Important: tomcat6
2013-06-11 22:44:00
Medium: tomcat6
2014-05-21 10:45:00
ubuntucve
ubuntucve
CVE-2013-1976
2013-07-09 00:00:00
CVE-2012-3544
2012-12-31 00:00:00
CVE-2012-0022
2012-01-18 00:00:00
cve
cve
CVE-2013-1976
2013-07-09 17:55:00
CVE-2012-3544
2013-06-01 14:21:00
CVE-2012-0022
2012-01-19 04:01:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Chunked Transfer Denial of Service - Ver 2 (CVE-2012-3544)
2013-11-10 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
2013-05-10 00:00:00
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 &#40;Denial of Service&#41;
2014-02-28 00:00:00
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
osv
osv
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
tomcat7 - security update
2014-04-08 00:00:00
github
github
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
ubuntu
ubuntu
Tomcat vulnerabilities
2012-02-13 00:00:00
Tomcat vulnerabilities
2013-05-28 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
ibm
ibm
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)
2018-06-17 04:53:01
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:44
Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)
2018-06-15 07:01:06
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
JSON
Related for SUSE_11_TOMCAT6-130802.NASL
openvas50nessus62mageia1redhat20oraclelinux4debiancve4centos5seebug3veracode1tomcat8freebsd1prion5amazon2ubuntucve5cve5checkpoint_advisories1securityvulns4f51osv3github2ubuntu2atlassian6ibm3debian1