Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.SUSE_WEBSPHERE-AS_CE-5850.NASL
HistorySep 24, 2009 - 12:00 a.m.

SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)

2009-09-2400:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41596);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-0184", "CVE-2007-0185", "CVE-2007-2377", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-5613", "CVE-2007-5615", "CVE-2007-6286", "CVE-2008-0002", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938");

  script_name(english:"SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Websphere has been updated to version 2.1.0.1 to fix several security
vulnerabilities in the included subprojects, such as Apache Geronimo
and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 /
CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 /
CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 /
CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 /
CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0184.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0185.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-2377.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-2449.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-2450.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-3382.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-3385.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-3386.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-5333.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-5342.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-5461.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-5613.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-5615.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-6286.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-0002.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-1947.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2370.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2938.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5850.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(22, 79, 94, 200, 264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLES10", sp:2, reference:"websphere-as_ce-2.1.0.1-3.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

openvas 47
fedora 9
nessus 43
tomcat 8
redhat 11
gentoo 1
debian 2
osv 8
atlassian 2
centos 4
altlinux 1
oraclelinux 4
vmware 2
securityvulns 8
jvn 2
ubuntucve 4
github 8
seebug 4
veracode 7
prion 9
cve 8
freebsd 1
exploitpack 1
redhatcve 2
cert 2
packetstorm 1
openvas
openvas
SLES10: Security update for Websphere Community Edition
2009-10-13 00:00:00
SLES10: Security update for Websphere Community Edition
2009-10-13 00:00:00
Fedora Update for tomcat5 FEDORA-2008-8130
2009-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
nessus
nessus
Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)
2008-09-17 00:00:00
Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)
2008-02-14 00:00:00
Fedora 7 : tomcat5-5.5.26-1jpp.2.fc7 (2008-1467)
2008-02-14 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
redhat
redhat
(RHSA-2008:0862) Important: tomcat security update
2008-10-02 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
centos
centos
tomcat5 security update
2008-08-28 22:01:41
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2008-03-19 00:04:06
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
Moderate: tomcat security update
2007-09-26 00:00:00
Moderate: tomcat security update
2008-03-11 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
jvn
jvn
JVN#09470767 Apache Tomcat fails to properly handle cookie value
2008-02-12 00:00:00
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-5333
2008-02-12 00:00:00
CVE-2008-2938
2008-08-13 00:00:00
CVE-2007-6286
2008-02-12 00:00:00
github
github
Exposure of Sensitive Information in Apache Tomcat
2022-05-01 18:32:19
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
Apache Tomcat Does Not Properly Handle Empty Requests
2022-05-01 18:41:17
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat重复请求处理安全漏洞(CVE-2007-6286)
2012-09-27 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Session Hijacking
2018-11-12 08:37:47
Replay Attack
2018-11-09 05:47:09
prion
prion
Code injection
2008-02-12 01:00:00
Directory traversal
2008-08-13 00:41:00
Server side request forgery (ssrf)
2008-02-12 01:00:00
cve
cve
CVE-2007-5333
2008-02-12 01:00:00
CVE-2008-2938
2008-08-13 00:41:00
CVE-2007-6286
2008-02-12 01:00:00
freebsd
freebsd
jetty -- multiple vulnerabilities
2007-12-05 00:00:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhatcve
redhatcve
CVE-2007-5615
2019-10-04 21:10:20
CVE-2007-5613
2019-10-04 21:10:06
cert
cert
Mortbay Jetty vulnerable to HTTP response splitting
2007-12-04 00:00:00
Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
2007-12-04 00:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
JSON
Related for SUSE_WEBSPHERE-AS_CE-5850.NASL
openvas47fedora9nessus43tomcat8redhat11gentoo1debian2osv8atlassian2centos4altlinux1oraclelinux4vmware2securityvulns8jvn2ubuntucve4github8seebug4veracode7prion9cve8freebsd1exploitpack1redhatcve2cert2packetstorm1