Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.TOMCAT_4_1_32.NASL
HistoryJun 16, 2010 - 12:00 a.m.

Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities

2010-06-1600:00:00
This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.32. It is, therefore, affected by the following vulnerabilities :

  • The remote Apache Tomcat install is vulnerable to a denial of service attack. If directory listing is enabled, function calls to retrieve the contents of large directories can degrade performance.
    (CVE-2005-3510)

  • The remote Apache Tomcat install may be vulnerable to a cross-site scripting attack if the JSP examples are enabled. Several of these JSP examples do not properly validate user input. (CVE-2005-4838)

  • The remote Apache Tomcat install allows remote users to list the contents of a directory by placing a semicolon before a filename with a mapped extension.
    (CVE-2006-3835)

  • If enabled, the JSP calendar example application is vulnerable to a cross-site scripting attack because user input is not properly validated. (CVE-2006-7196)

  • The remote Apache Tomcat install, in its default configuration, permits the use of insecure ciphers when using SSL. (CVE-2007-1858)

  • The remote Apache Tomcat install may be vulnerable to an information disclosure attack by allowing requests from a non-permitted IP address to gain access to a context that is protected with a valve that extends RequestFilterValve. (CVE-2008-3271)

Note that Nessus has not tested for these issues but has instead relied only on the applicationโ€™s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47029);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2005-3510",
    "CVE-2005-4838",
    "CVE-2006-3835",
    "CVE-2006-7196",
    "CVE-2007-1858",
    "CVE-2008-3271"
  );
  script_bugtraq_id(
    15325,
    19106,
    25531,
    28482,
    31698
  );
  script_xref(name:"SECUNIA", value:"13737");
  script_xref(name:"SECUNIA", value:"17416");
  script_xref(name:"SECUNIA", value:"32213");

  script_name(english:"Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote Apache Tomcat server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of Apache
Tomcat 4.x listening on the remote host is prior to 4.1.32. It is,
therefore, affected by the following vulnerabilities :

  - The remote Apache Tomcat install is vulnerable to a
    denial of service attack. If directory listing is
    enabled, function calls to retrieve the contents of
    large directories can degrade performance.
    (CVE-2005-3510)

  - The remote Apache Tomcat install may be vulnerable to
    a cross-site scripting attack if the JSP examples are
    enabled. Several of these JSP examples do not properly
    validate user input. (CVE-2005-4838)

  - The remote Apache Tomcat install allows remote users
    to list the contents of a directory by placing a
    semicolon before a filename with a mapped extension.
    (CVE-2006-3835)

  - If enabled, the JSP calendar example application is
    vulnerable to a cross-site scripting attack because
    user input is not properly validated. (CVE-2006-7196)

  - The remote Apache Tomcat install, in its default
    configuration, permits the use of insecure ciphers when
    using SSL. (CVE-2007-1858)

  - The remote Apache Tomcat install may be vulnerable to an
    information disclosure attack by allowing requests from
    a non-permitted IP address to gain access to a context
    that is protected with a valve that extends
    RequestFilterValve. (CVE-2008-3271)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.32");
  script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=25835");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache Tomcat version 4.1.32 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2005-3510");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79, 264);

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
  script_require_keys("installed_sw/Apache Tomcat");

  exit(0);
}


include("tomcat_version.inc");

tomcat_check_version(fixed:"4.1.32", min:"4.0.0", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:"^4(\.1)?$");
VendorProductVersionCPE
apachetomcatcpe:/a:apache:tomcat

Related

tomcat 6
redhat 7
nessus 21
veracode 5
ubuntucve 4
cve 6
securityvulns 5
openvas 19
jvn 1
seebug 5
f5 2
prion 2
checkpoint_advisories 1
osv 1
github 1
packetstorm 1
kitploit 1
exploitpack 1
exploitdb 1
ibm 1
oracle 1
tomcat
tomcat
Fixed in Apache Tomcat 4.1.32
2005-11-06 00:00:00
Fixed in Apache Tomcat 5.5.13, 5.0.SVN
2005-11-06 00:00:00
Fixed in Apache Tomcat 5.5.7, 5.0.SVN
2007-04-25 00:00:00
redhat
redhat
(RHSA-2007:0326) Important: tomcat security update
2007-05-21 00:00:00
(RHSA-2007:1069) Moderate: tomcat security update for Red Hat Network Satellite Server
2007-11-26 00:00:00
(RHSA-2006:0161) RHAPS security and enhancement update
2006-03-07 00:00:00
nessus
nessus
RHEL 3 / 4 : tomcat in Satellite Server (RHSA-2007:1069)
2010-01-10 00:00:00
Apache Tomcat JSP2 Examples XSS
2010-07-13 00:00:00
Apache Tomcat Sample App cal2.jsp 'time' Parameter XSS (CVE-2006-7196)
2007-09-24 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:32:54
Cross-Site Scripting (XSS)
2019-03-25 08:40:41
Denial Of Service (DoS)
2018-11-13 05:51:23
ubuntucve
ubuntucve
CVE-2005-4838
2005-12-31 00:00:00
CVE-2007-1858
2007-05-10 00:00:00
CVE-2008-3271
2008-10-13 00:00:00
cve
cve
CVE-2005-4838
2005-12-31 05:00:00
CVE-2005-3510
2005-11-06 11:02:00
CVE-2008-3271
2008-10-13 20:00:00
securityvulns
securityvulns
[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
2008-10-12 00:00:00
Apache Tomcat information leak
2008-10-12 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
openvas
openvas
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
2008-10-16 00:00:00
SLES9: Security update for Tomcat
2009-10-10 00:00:00
SLES10: Security update for Tomcat 5
2009-10-13 00:00:00
jvn
jvn
JVN#30732239: Apache Tomcat allows access from a non-permitted IP address
2008-10-10 00:00:00
seebug
seebug
Apache Tomcat 'RemoteFilterValve'ๅฎ‰ๅ…จ็ป•่ฟ‡ๆผๆดž
2008-10-14 00:00:00
Apache Tomcat RemoteFilterValve็ป•่ฟ‡ๅฎ‰ๅ…จ้™ๅˆถๆผๆดž
2008-10-15 00:00:00
ToutVirtual VirtualIQ Pro 3.2 Multiple Vulnerabilities
2009-11-07 00:00:00
f5
f5
SOL16948 - Apache Tomcat vulnerability CVE-2007-1858
2015-07-10 00:00:00
K16948 : Apache Tomcat vulnerability CVE-2007-1858
2015-07-10 00:00:00
prion
prion
Cross site request forgery (csrf)
2008-10-13 20:00:00
Design/Logic Flaw
2007-05-10 00:19:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Directory Listing Information Disclosure (CVE-2006-3835)
2009-10-07 00:00:00
osv
osv
Cross-site scripting in Apache Tomcat
2022-05-01 07:45:38
github
github
Cross-site scripting in Apache Tomcat
2022-05-01 07:45:38
packetstorm
packetstorm
ToutVirtual VirtualIQ Pro XSS / XSRF / Execution
2009-11-17 00:00:00
kitploit
kitploit
Sitadel - Web Application Security Scanner
2019-01-14 12:13:00
exploitpack
exploitpack
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
exploitdb
exploitdb
toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities
2009-11-07 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
JSON
Related for TOMCAT_4_1_32.NASL
tomcat6redhat7nessus21veracode5ubuntucve4cve6securityvulns5openvas19jvn1seebug5f52prion2checkpoint_advisories1osv1github1packetstorm1kitploit1exploitpack1exploitdb1ibm1oracle1