Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-14375-1.NASL
HistoryJun 10, 2021 - 12:00 a.m.

SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2020:14375-1)

2021-06-1000:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

8 High

AI Score

Confidence

High

JSON

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14375-1 advisory.

  • The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
    (CVE-2019-0221)

  • When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. (CVE-2019-12418)

  • When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2020:14375-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(150581);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/26");

  script_cve_id("CVE-2019-0221", "CVE-2019-12418", "CVE-2020-9484");
  script_xref(name:"SuSE", value:"SUSE-SU-2020:14375-1");
  script_xref(name:"IAVB", value:"2019-B-0048-S");
  script_xref(name:"IAVA", value:"2021-A-0196");
  script_xref(name:"IAVA", value:"2020-A-0225-S");
  script_xref(name:"IAVA", value:"2020-A-0324");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2020:14375-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2020:14375-1 advisory.

  - The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes
    user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The
    printenv command is intended for debugging and is unlikely to be present in a production website.
    (CVE-2019-0221)

  - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote
    Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able
    to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords
    used to access the JMX interface. The attacker can then use these credentials to access the JMX interface
    and gain complete control over the Tomcat instance. (CVE-2019-12418)

  - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to
    7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the
    server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is
    configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)
    or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker
    knows the relative file path from the storage location used by FileStore to the file the attacker has
    control over; then, using a specifically crafted request, the attacker will be able to trigger remote code
    execution via deserialization of the file under their control. Note that all of conditions a) to d) must
    be true for the attack to succeed. (CVE-2020-9484)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1136085");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1159723");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171928");
  # https://lists.suse.com/pipermail/sle-security-updates/2020-May/006850.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fec12574");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-0221");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12418");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-9484");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9484");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-jsp-2_1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-servlet-2_5-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat6-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);

pkgs = [
    {'reference':'tomcat6-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-admin-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-docs-webapp-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-javadoc-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-jsp-2_1-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-lib-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-servlet-2_5-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'tomcat6-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-admin-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-docs-webapp-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-javadoc-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-jsp-2_1-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-lib-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-servlet-2_5-api-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'tomcat6-webapps-6.0.53-0.57.16', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  exists_check = NULL;
  rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release && exists_check) {
    if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
  else if (reference && release) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc');
}
VendorProductVersionCPE
novellsuse_linuxtomcat6p-cpe:/a:novell:suse_linux:tomcat6
novellsuse_linuxtomcat6-admin-webappsp-cpe:/a:novell:suse_linux:tomcat6-admin-webapps
novellsuse_linuxtomcat6-docs-webappp-cpe:/a:novell:suse_linux:tomcat6-docs-webapp
novellsuse_linuxtomcat6-javadocp-cpe:/a:novell:suse_linux:tomcat6-javadoc
novellsuse_linuxtomcat6-jsp-2_1-apip-cpe:/a:novell:suse_linux:tomcat6-jsp-2_1-api
novellsuse_linuxtomcat6-libp-cpe:/a:novell:suse_linux:tomcat6-lib
novellsuse_linuxtomcat6-servlet-2_5-apip-cpe:/a:novell:suse_linux:tomcat6-servlet-2_5-api
novellsuse_linuxtomcat6-webappsp-cpe:/a:novell:suse_linux:tomcat6-webapps
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

openvas 32
nessus 53
redhat 8
gentoo 2
rosalinux 1
atlassian 5
osv 12
symantec 1
cve 3
redhatcve 3
f5 3
debiancve 3
debian 4
fedora 2
oraclelinux 2
tomcat 7
broadcom 1
github 3
kaspersky 3
ubuntucve 3
ibm 8
githubexploit 12
centos 1
archlinux 3
veracode 4
prion 4
cgr 1
mageia 2
suse 1
nuclei 2
amazon 6
freebsd 1
packetstorm 1
zdt 1
exploitdb 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:14375-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1498-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1497-1)
2021-04-19 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-1645)
2020-06-17 00:00:00
GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities
2020-03-20 00:00:00
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 8 (RHSA-2020:0861)
2020-03-18 00:00:00
redhat
redhat
(RHSA-2020:0860) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:05
(RHSA-2020:0861) Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update
2020-03-17 12:51:11
(RHSA-2020:2509) Important: Red Hat JBoss Web Server 5.3.1 security update
2020-06-10 17:01:08
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2020-03-19 00:00:00
Apache Tomcat: Remote code execution
2020-06-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1988
2021-07-02 18:17:52
atlassian
atlassian
Upgrade the bundled version of Apache Tomcat to 8.5.57
2020-07-17 15:19:11
Upgrade the bundled version of Apache Tomcat to 8.5.57
2020-07-17 15:19:11
Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484
2020-06-25 04:59:30
osv
osv
CVE-2019-12418
2019-12-23 18:15:10
tomcat8 - security update
2020-03-24 00:00:00
tomcat7 - security update
2020-05-23 00:00:00
symantec
symantec
Apache Tomcat CVE-2019-12418 Local Privilege Escalation Vulnerability
2019-12-18 00:00:00
cve
cve
CVE-2019-12418
2019-12-23 18:15:00
CVE-2020-9484
2020-05-20 19:15:00
CVE-2019-0221
2019-05-28 22:29:00
redhatcve
redhatcve
CVE-2019-12418
2020-04-09 10:13:44
CVE-2020-9484
2020-05-20 23:25:22
CVE-2019-0221
2020-04-09 10:31:22
f5
f5
K10107360 : Apache Tomcat vulnerability CVE-2019-12418
2020-01-07 00:00:00
K03121171 : Apache Tomcat vulnerability CVE-2020-9484
2020-05-27 00:00:00
K13184144 : Apache Tomcat vulnerability CVE-2019-0221
2019-10-10 00:00:00
debiancve
debiancve
CVE-2019-12418
2019-12-23 18:15:00
CVE-2020-9484
2020-05-20 19:15:00
CVE-2019-0221
2019-05-28 22:29:00
debian
debian
[SECURITY] [DLA 2155-1] tomcat8 security update
2020-03-24 13:23:18
[SECURITY] [DLA 2217-1] tomcat7 security update
2020-05-23 17:27:59
[SECURITY] [DLA 1810-1] tomcat7 security update
2019-05-30 08:24:55
fedora
fedora
[SECURITY] Fedora 31 Update: tomcat-9.0.36-1.fc31
2020-06-23 01:14:05
[SECURITY] Fedora 32 Update: tomcat-9.0.36-1.fc32
2020-06-23 01:22:02
oraclelinux
oraclelinux
tomcat security update
2020-06-11 00:00:00
tomcat6 security update
2020-06-12 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.104
2020-05-16 00:00:00
Fixed in Apache Tomcat 9.0.35
2020-05-11 00:00:00
Fixed in Apache Tomcat 10.0.0-M5
2020-05-11 00:00:00
broadcom
broadcom
BSA-2022-1839
2022-05-03 00:00:00
github
github
Potential remote code execution in Apache Tomcat
2020-05-21 18:52:29
Insufficiently Protected Credentials in Apache Tomcat
2019-12-26 18:22:36
Cross-site scripting in Apache Tomcat
2019-05-30 03:30:42
kaspersky
kaspersky
KLA11627 SB vulnerability in Apache Tomcat
2019-11-21 00:00:00
KLA11785 Security vulnerability in Apache Tomcat
2020-05-11 00:00:00
KLA11784 Security vulnerability in Apache Tomcat
2020-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2019-12418
2019-12-23 00:00:00
CVE-2020-9484
2020-05-20 00:00:00
CVE-2019-0221
2019-05-28 00:00:00
ibm
ibm
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-9484)
2020-07-24 22:19:08
Security Bulletin: Apache Tomcat vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
2020-12-16 19:02:25
Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2019-0221)
2019-06-19 19:35:02
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2020-09-05 13:56:51
Exploit for Deserialization of Untrusted Data in Oracle Retail Order Broker
2021-01-15 17:59:50
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2021-01-26 22:51:30
centos
centos
tomcat security update
2020-06-11 21:13:08
archlinux
archlinux
[ASA-202006-7] tomcat9: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-5] tomcat8: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-6] tomcat7: arbitrary code execution
2020-06-06 00:00:00
veracode
veracode
Privilege Escalation
2019-12-23 08:45:46
Remote Code Execution
2020-05-21 03:52:01
Cross-site Scripting (XSS)
2019-05-21 04:36:22
prion
prion
Design/Logic Flaw
2019-12-23 18:15:00
Deserialization of untrusted data
2020-05-20 19:15:00
Command injection
2019-05-28 22:29:00
cgr
cgr
CVE-2019-12418 vulnerabilities
2024-04-25 09:06:10
mageia
mageia
Updated tomcat packages fix security vulnerability
2020-07-05 14:26:44
Updated tomcat packages fix security vulnerabilities
2020-01-28 10:52:40
suse
suse
Security update for tomcat (important)
2020-05-25 00:00:00
nuclei
nuclei
Apache Tomcat Remote Command Execution
2020-07-03 05:39:02
Apache Tomcat - Cross-Site Scripting
2021-03-05 14:38:39
amazon
amazon
Important: tomcat8
2020-06-23 06:47:00
Important: tomcat7
2020-06-23 06:45:00
Important: tomcat
2020-06-26 22:56:00
freebsd
freebsd
Apache Tomcat Remote Code Execution via session persistence
2020-05-12 00:00:00
packetstorm
packetstorm
Apache Tomcat 9.0.0.M1 Cross Site Scripting
2021-07-12 00:00:00
zdt
zdt
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS) Vulnerability
2021-07-13 00:00:00
exploitdb
exploitdb
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
2021-07-13 00:00:00

8 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2020-14375-1.NASL
openvas32nessus53redhat8gentoo2rosalinux1atlassian5osv12symantec1cve3redhatcve3f53debiancve3debian4fedora2oraclelinux2tomcat7broadcom1github3kaspersky3ubuntucve3ibm8githubexploit12centos1archlinux3veracode4prion4cgr1mageia2suse1nuclei2amazon6freebsd1packetstorm1zdt1exploitdb1