Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-1769-1.NASLHistoryApr 06, 2023 - 12:00 a.m.
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:1769-1)
2023-04-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
suse sles15
opensuse 15
apache commons fileupload
apache tomcat
dos
remoteipfilter
session cookies
insecure channel
0.034 Low
EPSS
Percentile
91.4%
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1769-1 advisory.
-
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. (CVE-2023-24998)
-
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:1769-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(173961);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id("CVE-2023-24998", "CVE-2023-28708");
script_xref(name:"IAVA", value:"2023-A-0112-S");
script_xref(name:"IAVA", value:"2023-A-0156-S");
script_xref(name:"SuSE", value:"SUSE-SU-2023:1769-1");
script_name(english:"SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2023:1769-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple
vulnerabilities as referenced in the SUSE-SU-2023:1769-1 advisory.
- Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting
in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note
that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is
not enabled by default and must be explicitly configured. (CVE-2023-24998)
- When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the
X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,
10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This
could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208513");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209622");
script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-April/028652.html");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-24998");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-28708");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28708");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/20");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-admin-webapps");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-el-3_0-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-jsp-2_3-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-lib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-servlet-4_0-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tomcat-webapps");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15|SUSE15\.4)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP2/3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP2/3/4", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
{'reference':'tomcat-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-web-scripting-release-15.4', 'sles-release-15.4']},
{'reference':'tomcat-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-admin-webapps-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-docs-webapp-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-el-3_0-api-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-embed-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-javadoc-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-jsp-2_3-api-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-jsvc-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-lib-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-servlet-4_0-api-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
{'reference':'tomcat-webapps-9.0.43-150200.35.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | tomcat | p-cpe:/a:novell:suse_linux:tomcat |
| novell | suse_linux | tomcat-admin-webapps | p-cpe:/a:novell:suse_linux:tomcat-admin-webapps |
| novell | suse_linux | tomcat-el-3_0-api | p-cpe:/a:novell:suse_linux:tomcat-el-3_0-api |
| novell | suse_linux | tomcat-jsp-2_3-api | p-cpe:/a:novell:suse_linux:tomcat-jsp-2_3-api |
| novell | suse_linux | tomcat-lib | p-cpe:/a:novell:suse_linux:tomcat-lib |
| novell | suse_linux | tomcat-servlet-4_0-api | p-cpe:/a:novell:suse_linux:tomcat-servlet-4_0-api |
| novell | suse_linux | tomcat-webapps | p-cpe:/a:novell:suse_linux:tomcat-webapps |
| novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
References
Related
ibm
ibm
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1769-1)
2023-04-05 00:00:00
Apache Tomcat Information Disclosure Vulnerability (Mar 2023) - Linux
2023-03-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1669-1)
2023-03-30 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 11.0.0-M3
2023-02-23 00:00:00
Fixed in Apache Tomcat 8.5.86
2023-02-24 00:00:00
Fixed in Apache Tomcat 9.0.72
2023-02-23 00:00:00
nessus
nessus
Apache Tomcat 11.0.0.M1 < 11.0.0.M3 multiple vulnerabilities
2023-02-21 00:00:00
RHEL 9 : tomcat (RHSA-2023:6570)
2023-11-07 00:00:00
RHEL 8 : tomcat (RHSA-2023:7065)
2023-11-14 00:00:00
osv
osv
Moderate: tomcat security and bug fix update
2023-11-07 00:00:00
Moderate: tomcat security and bug fix update
2023-11-14 00:00:00
CVE-2023-28708
2023-03-22 11:15:10
almalinux
almalinux
Moderate: tomcat security and bug fix update
2023-11-14 00:00:00
Moderate: tomcat security and bug fix update
2023-11-07 00:00:00
oraclelinux
oraclelinux
tomcat security and bug fix update
2023-11-17 00:00:00
tomcat security and bug fix update
2023-11-11 00:00:00
redhat
redhat
(RHSA-2023:6570) Moderate: tomcat security and bug fix update
2023-11-07 06:08:48
(RHSA-2023:7065) Moderate: tomcat security and bug fix update
2023-11-14 08:44:23
cve
cve
CVE-2023-28708
2023-03-22 11:15:10
CVE-2023-24998
2023-02-20 16:15:10
atlassian
atlassian
Upgrade Tomcat for CVE-2023-28708
2023-03-27 12:10:30
Upgrade Tomcat for CVE-2023-28708
2023-03-23 22:22:39
kaspersky
kaspersky
KLA48635 OSI vulnerability in Apache Tomcat
2023-02-24 00:00:00
KLA48634 OSI vulnerability in Apache Tomcat
2023-02-23 00:00:00
KLA40220 DoS vulnerability in Apache Tomcat
2023-01-19 00:00:00
prion
prion
Authentication flaw
2023-03-22 11:15:00
Default credentials
2023-02-20 16:15:00
ubuntucve
ubuntucve
CVE-2023-28708
2023-03-22 00:00:00
CVE-2023-24998
2023-02-20 00:00:00
debiancve
debiancve
CVE-2023-28708
2023-03-22 11:15:10
CVE-2023-24998
2023-02-20 16:15:10
nvd
nvd
CVE-2023-28708
2023-03-22 11:15:10
CVE-2023-24998
2023-02-20 16:15:10
redhatcve
redhatcve
CVE-2023-28708
2023-03-24 13:07:53
CVE-2023-24998
2023-02-21 21:59:14
f5
f5
K000133402 : Apache Tomcat vulnerability CVE-2023-28708
2023-04-05 00:00:00
K000133052 : Apache Commons FileUpload vulnerability CVE-2023-24998
2023-03-18 00:00:00
veracode
veracode
Information Disclosure
2023-03-24 01:12:16
Denial Of Service (DoS)
2023-02-24 11:02:57
github
github
Apache Tomcat vulnerable to Unprotected Transport of Credentials
2023-03-22 12:30:16
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
2023-10-27 21:55:44
Apache Commons FileUpload denial of service vulnerability
2023-02-20 18:30:17
cvelist
cvelist
cnvd
cnvd
Apache Commons FileUpload Denial of Service Vulnerability (CNVD-2023-23552)
2023-02-22 00:00:00
githubexploit
githubexploit
mageia
mageia
Updated apache-commons-fileupload packages fix security vulnerability
2023-02-27 23:27:16
vaadin
vaadin
Apache Commons FileUpload - DoS with excessive parts
2023-06-22 00:00:00
cgr
cgr
CVE-2023-24998 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-24998 vulnerabilities
2024-07-05 09:08:40