Search...

Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS

2011-01-14T00:00:00

ID TOMCAT_7_0_5.NASL
Type nessus
Reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2011-01-14T00:00:00

Description

According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is 6.x prior to 6.0.30 or 7.x prior to 7.0.5. It is, therefore, affected by multiple cross-site scripting vulnerabilities in the Tomcat Manager application's 'sessionList.jsp' file. The 'sort' and 'orderby' parameters are not properly sanitized before being returned to the user and can be used to inject arbitrary script into the user's browser.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Also note, in the case of Tomcat 7.x, successful exploitation requires that the cross-site request forgery (CSRF) filter is disabled.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(51526);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");

  script_cve_id("CVE-2010-4172");
  script_bugtraq_id(45015);
  script_xref(name:"Secunia", value:"42337");

  script_name(english:"Apache Tomcat 6.x &lt; 6.0.30 / 7.x &lt; 7.0.5 Multiple XSS");
  script_summary(english:"Checks the Apache Tomcat version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple cross-site scripting
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of Apache
Tomcat listening on the remote host is 6.x prior to 6.0.30 or 7.x
prior to 7.0.5. It is, therefore, affected by multiple cross-site
scripting vulnerabilities in the Tomcat Manager application's
'sessionList.jsp' file. The 'sort' and 'orderby' parameters are not
properly sanitized before being returned to the user and can be used
to inject arbitrary script into the user's browser.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

Also note, in the case of Tomcat 7.x, successful exploitation requires
that the cross-site request forgery (CSRF) filter is disabled.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2010/Nov/283");
  script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?37871cd8");
  script_set_attribute(attribute:"solution", value:"Update Apache Tomcat to version 6.0.30 / 7.0.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-4172");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/14");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
  script_require_keys("installed_sw/Apache Tomcat");

  exit(0);
}

include("tomcat_version.inc");

tomcat_check_version(fixed:make_list("7.0.5", "6.0.30"), severity:SECURITY_WARNING, xss:TRUE, granularity_regex:"^[67](\.0)?$");

JSON Vulners Source

Initial Source

{"id": "TOMCAT_7_0_5.NASL", "bulletinFamily": "scanner", "title": "Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS", "description": "According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is 6.x prior to 6.0.30 or 7.x\nprior to 7.0.5. It is, therefore, affected by multiple cross-site\nscripting vulnerabilities in the Tomcat Manager application's\n'sessionList.jsp' file. The 'sort' and 'orderby' parameters are not\nproperly sanitized before being returned to the user and can be used\nto inject arbitrary script into the user's browser.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n\nAlso note, in the case of Tomcat 7.x, successful exploitation requires\nthat the cross-site request forgery (CSRF) filter is disabled.", "published": "2011-01-14T00:00:00", "modified": "2011-01-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/51526", "reporter": "This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?37871cd8", "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30", "https://seclists.org/fulldisclosure/2010/Nov/283"], "cvelist": ["CVE-2010-4172"], "type": "nessus", "lastseen": "2020-09-14T19:09:30", "edition": 19, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4172"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11973", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:25181", "SECURITYVULNS:VULN:11269"]}, {"type": "ubuntu", "idList": ["USN-1048-1"]}, {"type": "openvas", "idList": ["OPENVAS:71550", "OPENVAS:1361412562310103032", "OPENVAS:1361412562310122163", "OPENVAS:1361412562310870626", "OPENVAS:136141256231071550", "OPENVAS:1361412562310802336", "OPENVAS:870626", "OPENVAS:1361412562310840574", "OPENVAS:802336", "OPENVAS:840574"]}, {"type": "exploitdb", "idList": ["EDB-ID:35011"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1048-1.NASL", "REDHAT-RHSA-2011-0791.NASL", "MACOSX_SECUPD2011-006.NASL", "TOMCAT_6_0_30.NASL", "GENTOO_GLSA-201206-24.NASL", "SUSE_11_3_TOMCAT6-110118.NASL", "SUSE_11_2_TOMCAT6-110202.NASL", "SUSE_11_2_TOMCAT6-110118.NASL", "SL_20110519_TOMCAT6_ON_SL6_X.NASL"]}, {"type": "redhat", "idList": ["RHSA-2011:0897", "RHSA-2011:0791"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0791"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}], "modified": "2020-09-14T19:09:30", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-09-14T19:09:30", "rev": 2}, "vulnersScore": 5.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51526);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2010-4172\");\n script_bugtraq_id(45015);\n script_xref(name:\"Secunia\", value:\"42337\");\n\n script_name(english:\"Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple cross-site scripting\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat listening on the remote host is 6.x prior to 6.0.30 or 7.x\nprior to 7.0.5. It is, therefore, affected by multiple cross-site\nscripting vulnerabilities in the Tomcat Manager application's\n'sessionList.jsp' file. The 'sort' and 'orderby' parameters are not\nproperly sanitized before being returned to the user and can be used\nto inject arbitrary script into the user's browser.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\n\nAlso note, in the case of Tomcat 7.x, successful exploitation requires\nthat the cross-site request forgery (CSRF) filter is disabled.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/Nov/283\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37871cd8\");\n script_set_attribute(attribute:\"solution\", value:\"Update Apache Tomcat to version 6.0.30 / 7.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-4172\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:make_list(\"7.0.5\", \"6.0.30\"), severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^[67](\\.0)?$\");\n\n", "naslFamily": "Web Servers", "pluginID": "51526", "cpe": ["cpe:/a:apache:tomcat"], "scheme": null, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}

{"cve": [{"lastseen": "2020-10-03T11:57:31", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.", "edition": 3, "cvss3": {}, "published": "2010-11-26T20:00:00", "title": "CVE-2010-4172", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4172"], "modified": "2018-10-10T20:07:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:7.0.4", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:7.0.3", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:7.0.0", "cpe:/a:apache:tomcat:7.0.2", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:7.0.1", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.18"], "id": "CVE-2010-4172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4172", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-4172"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2010-4172: Apache Tomcat Manager application XSS vulnerability\r\n\r\nSeverity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 7.0.0 to 7.0.4\r\n - Not affected in default configuration.\r\n - Affected if CSRF protection is disabled\r\n - Additional XSS issues if web applications are untrusted\r\n- - Tomcat 6.0.12 to 6.0.29\r\n - Affected in default configuration\r\n - Additional XSS issues if web applications are untrusted\r\n- - Tomcat 5.5.x\r\n - Not affected\r\n\r\nDescription:\r\nThe session list screen (provided by sessionList.jsp) in affected\r\nversions uses the orderBy and sort request parameters without applying\r\nfiltering and therefore is vulnerable to a cross-site scripting attack.\r\nUsers should be aware that Tomcat 6 does not use httpOnly for session\r\ncookies by default so this vulnerability could expose session cookies\r\nfrom the manager application to an attacker.\r\nA review of the Manager application by the Apache Tomcat security team\r\nidentified additional XSS vulnerabilities if the web applications\r\ndeployed were not trusted.\r\n\r\nExample:\r\nGET\r\n/manager/html/sessions?path=/&sort="><script>alert('xss')</script>order=ASC&action=injectSessions&refresh=Refresh+Sessions+list\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Tomcat 7.0.0 to 7.0.4\r\n - Remove the Manager application\r\n - Remove the sessionList.jsp and sessionDetail.jsp files\r\n - Ensure the CSRF protection is enabled\r\n - Apply the patch 7.0.4 patch (see below)\r\n - Update to 7.0.5 when released\r\n- - Tomcat 6.0.12 to 6.0.29\r\n - Remove the Manager application\r\n - Remove the sessionList.jsp and sessionDetail.jsp files\r\n - Apply the patch for 6.0.29 (see below)\r\n - Update to 6.0.30 when released\r\n\r\nNo release date has been set for the next Tomcat 7.0.x and Tomcat 6.0.x\r\nreleases.\r\n\r\nCredit:\r\nThe original issue was discovered by Adam Muntner of Gotham Digital Science.\r\nAdditional issues were identified by the Tomcat security team as a\r\nresult of reviewing the original issue.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-7.html\r\nhttp://tomcat.apache.org/security-6.html\r\n\r\nNote: The patches The Apache Tomcat Security Team\r\n\r\n\r\n****************\r\nPatch for 6.0.29\r\n****************\r\n\r\nIndex: webapps/manager/WEB-INF/jsp/sessionDetail.jsp\r\n===================================================================\r\n- --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037769)\r\n+++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)\r\n@@ -30,8 +30,10 @@\r\n <% String path = (String) request.getAttribute("path");\r\n Session currentSession =\r\n(Session)request.getAttribute("currentSession");\r\n HttpSession currentHttpSession = currentSession.getSession();\r\n- - String currentSessionId = currentSession.getId();\r\n- - String submitUrl =\r\n((HttpServletRequest)pageContext.getRequest()).getRequestURL().toString();\r\n+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());\r\n+ String submitUrl = JspHelper.escapeXml(\r\n+ ((HttpServletRequest)\r\npageContext.getRequest()).getRequestURI() +\r\n+ "?path=" + path);\r\n %>\r\n <head>\r\n <meta http-equiv="content-type" content="text/html;\r\ncharset=iso-8859-1"/>\r\n@@ -45,7 +47,7 @@\r\n <title>Sessions Administration: details for <%= currentSessionId\r\n%></title>\r\n </head>\r\n <body>\r\n- -<h1>Details for Session <%= JspHelper.escapeXml(currentSessionId) %></h1>\r\n+<h1>Details for Session <%= currentSessionId %></h1>\r\n <table style="text-align: left;" border="0">\r\n <tr>\r\n@@ -54,7 +56,7 @@\r\n </tr>\r\n <tr>\r\n <th>Guessed Locale</th>\r\n- - <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession)\r\n%></td>\r\n+ <td><%=\r\nJspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession))\r\n%></td>\r\n </tr>\r\n <tr>\r\n <th>Guessed User</th>\r\n@@ -120,7 +122,7 @@\r\n String attributeName = (String)\r\nattributeNamesEnumeration.nextElement();\r\n %>\r\n <tr>\r\n- - <td align="center"><form action="<%= submitUrl %>"><div><input\r\ntype="hidden" name="path" value="<%= path %>" /><input type="hidden"\r\nname="action" value="removeSessionAttribute" /><input type="hidden"\r\nname="sessionId" value="<%= currentSessionId %>" /><input type="hidden"\r\nname="attributeName" value="<%= attributeName %>" /><input type="submit"\r\nvalue="Remove" /></div></form></td>\r\n+ <td align="center"><form action="<%= submitUrl %>"><div><input\r\ntype="hidden" name="action" value="removeSessionAttribute" /><input\r\ntype="hidden" name="sessionId" value="<%= currentSessionId %>" /><input\r\ntype="hidden" name="attributeName" value="<%=\r\nJspHelper.escapeXml(attributeName) %>" /><input type="submit"\r\nvalue="Remove" /></div></form></td>\r\n <td><%= JspHelper.escapeXml(attributeName) %></td>\r\n <td><% Object attributeValue =\r\ncurrentHttpSession.getAttribute(attributeName); %><span title="<%=\r\nattributeValue == null ? "" : attributeValue.getClass().toString()\r\n%>"><%= JspHelper.escapeXml(attributeValue) %></span></td>\r\n </tr>\r\nIndex: webapps/manager/WEB-INF/jsp/sessionsList.jsp\r\n===================================================================\r\n- --- webapps/manager/WEB-INF/jsp/sessionsList.jsp (revision 1037769)\r\n+++ webapps/manager/WEB-INF/jsp/sessionsList.jsp (working copy)\r\n@@ -26,7 +26,9 @@\r\n <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">\r\n <% String path = (String) request.getAttribute("path");\r\n- - String submitUrl =\r\n((HttpServletRequest)pageContext.getRequest()).getRequestURI() +\r\n"?path=" + path;\r\n+ String submitUrl = JspHelper.escapeXml(\r\n+ ((HttpServletRequest)\r\npageContext.getRequest()).getRequestURI() +\r\n+ "?path=" + path);\r\n Collection activeSessions = (Collection)\r\nrequest.getAttribute("activeSessions");\r\n %>\r\n <head>\r\n@@ -38,10 +40,10 @@\r\n <meta name="author" content="Cedrik LIME"/>\r\n <meta name="copyright" content="copyright 2005-2010 the Apache\r\nSoftware Foundation"/>\r\n <meta name="robots" content="noindex,nofollow,noarchive"/>\r\n- - <title>Sessions Administration for <%= path %></title>\r\n+ <title>Sessions Administration for <%= JspHelper.escapeXml(path)\r\n%></title>\r\n </head>\r\n <body>\r\n- -<h1>Sessions Administration for <%= path %></h1>\r\n+<h1>Sessions Administration for <%= JspHelper.escapeXml(path) %></h1>\r\n <p>Tips:</p>\r\n <ul>\r\n@@ -55,13 +57,13 @@\r\n <form action="<%= submitUrl %>" method="post" id="sessionsForm">\r\n <fieldset><legend>Active HttpSessions informations</legend>\r\n <input type="hidden" name="action" id="sessionsFormAction"\r\nvalue="injectSessions"/>\r\n- - <input type="hidden" name="sort" id="sessionsFormSort" value="<%=\r\n(String) request.getAttribute("sort") %>"/>\r\n+ <input type="hidden" name="sort" id="sessionsFormSort" value="<%=\r\nJspHelper.escapeXml(request.getAttribute("sort")) %>"/>\r\n <% String order = (String) request.getAttribute("order");\r\n if (order == null || "".equals(order)) {\r\n order = "ASC";\r\n }\r\n %>\r\n- - <input type="hidden" name="order" id="sessionsFormSortOrder"\r\nvalue="<%= order %>"/>\r\n+ <input type="hidden" name="order" id="sessionsFormSortOrder"\r\nvalue="<%= JspHelper.escapeXml(order) %>"/>\r\n <input type="submit" name="refresh" id="refreshButton" value="Refresh\r\nSessions list"\r\nonclick="document.getElementById('sessionsFormAction').value='refreshSessions';\r\nreturn true;"/>\r\n <%= JspHelper.formatNumber(activeSessions.size()) %> active Sessions<br/>\r\n <table border="1" cellpadding="2" cellspacing="2" width="100%">\r\n@@ -95,13 +97,13 @@\r\n <% Iterator iter = activeSessions.iterator();\r\n while (iter.hasNext()) {\r\n Session currentSession = (Session) iter.next();\r\n- - String currentSessionId = currentSession.getId();\r\n+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());\r\n %>\r\n <tr>\r\n <td>\r\n- -<input type="checkbox" name="sessionIds" value="<%= currentSessionId\r\n%>" /><a href="<%= submitUrl\r\n%>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId %>"\r\ntarget="_blank"><%= JspHelper.escapeXml(currentSessionId) %></a>\r\n+<input type="checkbox" name="sessionIds" value="<%= currentSessionId\r\n%>" /><a href="<%= submitUrl\r\n%>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId %>"\r\ntarget="_blank"><%= currentSessionId %></a>\r\n </td>\r\n- - <td style="text-align: center;"><%=\r\nJspHelper.guessDisplayLocaleFromSession(currentSession) %></td>\r\n+ <td style="text-align: center;"><%=\r\nJspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession))\r\n%></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.guessDisplayUserFromSession(currentSession) %></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.getDisplayCreationTimeForSession(currentSession) %></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>\r\n\r\n\r\n\r\n***************\r\nPatch for 7.0.4\r\n***************\r\n\r\nIndex: webapps/manager/WEB-INF/jsp/sessionDetail.jsp\r\n===================================================================\r\n- --- webapps/manager/WEB-INF/jsp/sessionDetail.jsp (revision 1037768)\r\n+++ webapps/manager/WEB-INF/jsp/sessionDetail.jsp (working copy)\r\n@@ -30,9 +30,10 @@\r\n <% String path = (String) request.getAttribute("path");\r\n Session currentSession =\r\n(Session)request.getAttribute("currentSession");\r\n HttpSession currentHttpSession = currentSession.getSession();\r\n- - String currentSessionId = currentSession.getId();\r\n- - String submitUrl = response.encodeURL(((HttpServletRequest)\r\n- - pageContext.getRequest()).getRequestURL().toString());\r\n+ String currentSessionId = JspHelper.escapeXml(currentSession.getId());\r\n+ String submitUrl = JspHelper.escapeXml(response.encodeURL(\r\n+ ((HttpServletRequest)\r\npageContext.getRequest()).getRequestURI() +\r\n+ "?path=" + path));\r\n %>\r\n <head>\r\n <meta http-equiv="content-type" content="text/html;\r\ncharset=iso-8859-1"/>\r\n@@ -46,7 +47,7 @@\r\n <title>Sessions Administration: details for <%= currentSessionId\r\n%></title>\r\n </head>\r\n <body>\r\n- -<h1>Details for Session <%= JspHelper.escapeXml(currentSessionId) %></h1>\r\n+<h1>Details for Session <%= currentSessionId %></h1>\r\n <table style="text-align: left;" border="0">\r\n <tr>\r\n@@ -55,7 +56,7 @@\r\n </tr>\r\n <tr>\r\n <th>Guessed Locale</th>\r\n- - <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession)\r\n%></td>\r\n+ <td><%=\r\nJspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession))\r\n%></td>\r\n </tr>\r\n <tr>\r\n <th>Guessed User</th>\r\n@@ -89,7 +90,6 @@\r\n <form method="post" action="<%= submitUrl %>">\r\n <div>\r\n- - <input type="hidden" name="path" value="<%= path %>" />\r\n <input type="hidden" name="sessionId" value="<%= currentSessionId\r\n%>" />\r\n <input type="hidden" name="action" value="sessionDetail" />\r\n <input type="submit" value="Refresh" />\r\n@@ -131,10 +131,9 @@\r\n <td align="center">\r\n <form method="post" action="<%= submitUrl %>">\r\n <div>\r\n- - <input type="hidden" name="path" value="<%=\r\npath %>" />\r\n <input type="hidden" name="action"\r\nvalue="removeSessionAttribute" />\r\n <input type="hidden" name="sessionId"\r\nvalue="<%= currentSessionId %>" />\r\n- - <input type="hidden" name="attributeName"\r\nvalue="<%= attributeName %>" />\r\n+ <input type="hidden" name="attributeName"\r\nvalue="<%= JspHelper.escapeXml(attributeName) %>" />\r\n <%\r\n if\r\n("Primary".equals(request.getAttribute("sessionType"))) {\r\n %>\r\n@@ -156,7 +155,6 @@\r\n <form method="post" action="<%=submitUrl%>">\r\n <p style="text-align: center;">\r\n- - <input type="hidden" name="path" value="<%= path %>" />\r\n <input type="submit" value="Return to session list" />\r\n </p>\r\n </form>\r\nIndex: webapps/manager/WEB-INF/jsp/sessionsList.jsp\r\n===================================================================\r\n- --- webapps/manager/WEB-INF/jsp/sessionsList.jsp (revision 1037768)\r\n+++ webapps/manager/WEB-INF/jsp/sessionsList.jsp (working copy)\r\n@@ -28,8 +28,9 @@\r\n <%@page import="org.apache.catalina.manager.DummyProxySession"%><html\r\nxmlns="http://www.w3.org/1999/xhtml" xml:lang="en">\r\n <% String path = (String) request.getAttribute("path");\r\n- - String submitUrl = response.encodeURL(((HttpServletRequest)\r\n- - pageContext.getRequest()).getRequestURI() + "?path=" + path);\r\n+ String submitUrl = JspHelper.escapeXml(response.encodeURL(\r\n+ ((HttpServletRequest)\r\npageContext.getRequest()).getRequestURI() +\r\n+ "?path=" + path));\r\n Collection activeSessions = (Collection)\r\nrequest.getAttribute("activeSessions");\r\n %>\r\n <head>\r\n@@ -41,10 +42,10 @@\r\n <meta name="author" content="Cedrik LIME"/>\r\n <meta name="copyright" content="copyright 2005-2010 the Apache\r\nSoftware Foundation"/>\r\n <meta name="robots" content="noindex,nofollow,noarchive"/>\r\n- - <title>Sessions Administration for <%= path %></title>\r\n+ <title>Sessions Administration for <%= JspHelper.escapeXml(path)\r\n%></title>\r\n </head>\r\n <body>\r\n- -<h1>Sessions Administration for <%= path %></h1>\r\n+<h1>Sessions Administration for <%= JspHelper.escapeXml(path) %></h1>\r\n <p>Tips:</p>\r\n <ul>\r\n@@ -58,13 +59,13 @@\r\n <form action="<%= submitUrl %>" method="post" id="sessionsForm">\r\n <fieldset><legend>Active HttpSessions informations</legend>\r\n <input type="hidden" name="action" id="sessionsFormAction"\r\nvalue="injectSessions"/>\r\n- - <input type="hidden" name="sort" id="sessionsFormSort"\r\nvalue="<%= (String) request.getAttribute("sort") %>"/>\r\n+ <input type="hidden" name="sort" id="sessionsFormSort"\r\nvalue="<%= JspHelper.escapeXml(request.getAttribute("sort")) %>"/>\r\n <% String order = (String) request.getAttribute("order");\r\n if (order == null || "".equals(order)) {\r\n order = "ASC";\r\n }\r\n %>\r\n- - <input type="hidden" name="order" id="sessionsFormSortOrder"\r\nvalue="<%= order %>"/>\r\n+ <input type="hidden" name="order" id="sessionsFormSortOrder"\r\nvalue="<%= JspHelper.escapeXml(order) %>"/>\r\n <input type="submit" name="refresh" id="refreshButton"\r\nvalue="Refresh Sessions list"\r\nonclick="document.getElementById('sessionsFormAction').value='refreshSessions';\r\nreturn true;"/>\r\n <%= JspHelper.formatNumber(activeSessions.size()) %> active\r\nSessions<br/>\r\n <table border="1" cellpadding="2" cellspacing="2" width="100%">\r\n@@ -100,7 +101,7 @@\r\n <% Iterator iter = activeSessions.iterator();\r\n while (iter.hasNext()) {\r\n Session currentSession = (Session) iter.next();\r\n- - String currentSessionId = currentSession.getId();\r\n+ String currentSessionId =\r\nJspHelper.escapeXml(currentSession.getId());\r\n String type;\r\n if (currentSession instanceof DeltaSession) {\r\n if (((DeltaSession) currentSession).isPrimarySession()) {\r\n@@ -121,13 +122,13 @@\r\n out.print(currentSessionId);\r\n } else {\r\n %>\r\n- - <a href="<%= submitUrl\r\n%>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId\r\n%>&amp;sessionType=<%= type %>"><%=\r\nJspHelper.escapeXml(currentSessionId) %></a>\r\n+ <a href="<%= submitUrl\r\n%>&amp;action=sessionDetail&amp;sessionId=<%= currentSessionId\r\n%>&amp;sessionType=<%= type %>"><%= currentSessionId %></a>\r\n <%\r\n }\r\n %>\r\n </td>\r\n <td style="text-align: center;"><%= type %></td>\r\n- - <td style="text-align: center;"><%=\r\nJspHelper.guessDisplayLocaleFromSession(currentSession) %></td>\r\n+ <td style="text-align: center;"><%=\r\nJspHelper.escapeXml(JspHelper.guessDisplayLocaleFromSession(currentSession))\r\n%></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.guessDisplayUserFromSession(currentSession) %></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.getDisplayCreationTimeForSession(currentSession) %></td>\r\n <td style="text-align: center;"><%=\r\nJspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJM6sBuAAoJEBDAHFovYFnnrHEQAPA2QmgMopWAzEynFt0htLUS\r\nDx0A8gl4grLLIjDcwCM+jzc44dn0zzSTuXZkhAbCE+gnLpQSCMf1iQmX3hwOKCHx\r\nMgHpWIhpon6FB1+AE3HtqQ2MzH/IUeA0ji2F/nWKors4zdkdpNNZG3O4tNzsd108\r\nIXrDaoJheD0ek9N51PYAuN1ZEhMWnkTYPvpGjCcSn5sj2LYqEGpdrifLBx5QbwZu\r\neOVJHufomeU6lanogTtSaXUhDmfm0NM72OCxm597R9L10Xll2D2AK0MvTZjWf5Mr\r\nxZiotdlFc6E5PPNtdUOO34HW/ClYrTjWQB1RoY8yUnRjRx8a8tZ+rrX9TCfPuy7x\r\nOs8nOEAjWtUYZmP4I+o0c8tcurpF9gP6rITOL4JZlZPB++ZtzILU4NGzoxsQ5WtZ\r\nU1eIgnH1GcboOAu0TKfxESrDFutruN9PvgIaQPdBftENShk20CNBXfaWatkE0nnv\r\nYZS9R5dviKa/u7cNZEusGQirc65bdDuG2u97bZkqoYyywwpeBC7QKEiPfqnfa9Ju\r\nDkucGnejMDbWa5kgvDQH/i0vnyy2lyknGo/vuZMsgVWffgKQoLG0TLk4hg4Evafv\r\nnWeeepnIdDTTc2KuiqO1F/KSGB7VmR8E2ySGj62g75bJOnSzVMpSpwfF/F7FYMsi\r\nNAKAGVImnKte7ogGqU94\r\n=gjUw\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-11-24T00:00:00", "published": "2010-11-24T00:00:00", "id": "SECURITYVULNS:DOC:25181", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25181", "title": "[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-4172"], "description": "Crossite srcripting in Manager application.", "edition": 1, "modified": "2010-11-24T00:00:00", "published": "2010-11-24T00:00:00", "id": "SECURITYVULNS:VULN:11269", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11269", "title": "Apache Tomcat crossite scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall's debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS' handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS'\r\nhandling of Type 1 fonts. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork's handling\r\nof cookie policies. Safari's cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the "Continue" button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user's behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol (XMPP). jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser's password\r\nDescription: A logic error in the kernel's DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user's\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel's handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user's password data\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account's password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType's handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the '_unknown' user from browsing the share point but not\r\nguests (user 'nobody'). This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server's resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\r\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\r\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\r\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\r\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\r\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\r\n=gsvn\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27155", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "Multiple vulnerabilities in different system components.", "edition": 1, "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "title": "Apple OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:00", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4172"], "description": "It was discovered that Tomcat did not properly escape certain parameters in \nthe Manager application which could result in browsers becoming vulnerable \nto cross-site scripting attacks when processing the output. With cross-site \nscripting vulnerabilities, if a user were tricked into viewing server \noutput during a crafted server request, a remote attacker could exploit \nthis to modify the contents, or steal confidential data (such as \npasswords), within the same domain.", "edition": 5, "modified": "2011-01-24T00:00:00", "published": "2011-01-24T00:00:00", "id": "USN-1048-1", "href": "https://ubuntu.com/security/notices/USN-1048-1", "title": "Tomcat vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "description": "Apache Tomcat is prone to multiple cross-site scripting\n vulnerabilities because it fails to properly sanitize user-supplied input.", "modified": "2019-05-10T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:1361412562310103032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103032", "type": "openvas", "title": "Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103032\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 14:24:22 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_bugtraq_id(45015);\n script_cve_id(\"CVE-2010-4172\");\n script_name(\"Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.securityfocus.com/bid/45015\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/514866\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to multiple cross-site scripting\n vulnerabilities because it fails to properly sanitize user-supplied input.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 6.0.12 through 6.0.29, Tomcat 7.0.0\n through 7.0.4\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage these issues to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal\n cookie-based authentication credentials and launch other attacks.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.4\" ) ||\n version_in_range( version:vers, test_version:\"6.0.12\", test_version2:\"6.0.29\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.0.30/7.0.5\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:27:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1048-1", "modified": "2017-12-01T00:00:00", "published": "2011-01-31T00:00:00", "id": "OPENVAS:840574", "href": "http://plugins.openvas.org/nasl.php?oid=840574", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-1048-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1048_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-1048-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Tomcat did not properly escape certain parameters in\n the Manager application which could result in browsers becoming vulnerable\n to cross-site scripting attacks when processing the output. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing server\n output during a crafted server request, a remote attacker could exploit\n this to modify the contents, or steal confidential data (such as\n passwords), within the same domain.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1048-1\";\ntag_affected = \"tomcat6 vulnerability on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1048-1/\");\n script_id(840574);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-31 15:15:14 +0100 (Mon, 31 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1048-1\");\n script_cve_id(\"CVE-2010-4172\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-1048-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1048-1", "modified": "2019-03-13T00:00:00", "published": "2011-01-31T00:00:00", "id": "OPENVAS:1361412562310840574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840574", "type": "openvas", "title": "Ubuntu Update for tomcat6 vulnerability USN-1048-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1048_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for tomcat6 vulnerability USN-1048-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1048-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840574\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-31 15:15:14 +0100 (Mon, 31 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1048-1\");\n script_cve_id(\"CVE-2010-4172\");\n script_name(\"Ubuntu Update for tomcat6 vulnerability USN-1048-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1048-1\");\n script_tag(name:\"affected\", value:\"tomcat6 vulnerability on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Tomcat did not properly escape certain parameters in\n the Manager application which could result in browsers becoming vulnerable\n to cross-site scripting attacks when processing the output. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing server\n output during a crafted server request, a remote attacker could exploit\n this to modify the contents, or steal confidential data (such as\n passwords), within the same domain.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.20-2ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.28-2ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java-doc\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libservlet2.5-java\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-admin\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-common\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-docs\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-examples\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6-user\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.24-2ubuntu1.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-06T13:07:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "description": "Check for the Version of tomcat6", "modified": "2018-01-04T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:870626", "href": "http://plugins.openvas.org/nasl.php?oid=870626", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:0791-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:0791-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Tomcat. If a remote attacker could\n trick a user who is logged into the Manager application into visiting a\n specially-crafted URL, the attacker could perform Manager application tasks\n with the privileges of the logged in user. (CVE-2010-4172)\n\n A second cross-site scripting (XSS) flaw was found in the Manager\n application. A malicious web application could use this flaw to conduct an\n XSS attack, leading to arbitrary web script execution with the privileges\n of victims who are logged into and viewing Manager application web pages.\n (CVE-2011-0013)\n\n This update also fixes the following bugs:\n\n * A bug in the "tomcat6" init script prevented additional Tomcat instances\n from starting. As well, running "service tomcat6 start" caused\n configuration options applied from "/etc/sysconfig/tomcat6" to be\n overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,\n multiple instances of Tomcat run as expected. (BZ#636997)\n\n * The "/usr/share/java/" directory was missing a symbolic link to the\n "/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was\n mandatory for certain operations (such as running the Jasper JSP\n precompiler), the "build-jar-repository" command was unable to compose a\n valid classpath. With this update, the missing symbolic link has been\n added. (BZ#661244)\n\n * Previously, the "tomcat6" init script failed to start Tomcat with a "This\n account is currently not available." message when Tomcat was configured to\n run under a user that did not have a valid shell configured as a login\n shell. This update modifies the init script to work correctly regardless of\n the daemon user's login shell. Additionally, these new tomcat6 packages now\n set "/sbin/nologin" as the login shell for the "tomcat" user upon\n installation, as recommended by deployment best practices. (BZ#678671 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00026.html\");\n script_id(870626);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:35:19 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:0791-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:0791-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870626", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2011:0791-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2011:0791-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00026.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870626\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:35:19 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:0791-01\");\n script_name(\"RedHat Update for tomcat6 RHSA-2011:0791-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n It was found that web applications could modify the location of the Tomcat\n host's work directory. As web applications deployed on Tomcat have read and\n write access to this directory, a malicious web application could use this\n flaw to trick Tomcat into giving it read and write access to an arbitrary\n directory on the file system. (CVE-2010-3718)\n\n A cross-site scripting (XSS) flaw was found in the Manager application,\n used for managing web applications on Tomcat. If a remote attacker could\n trick a user who is logged into the Manager application into visiting a\n specially-crafted URL, the attacker could perform Manager application tasks\n with the privileges of the logged in user. (CVE-2010-4172)\n\n A second cross-site scripting (XSS) flaw was found in the Manager\n application. A malicious web application could use this flaw to conduct an\n XSS attack, leading to arbitrary web script execution with the privileges\n of victims who are logged into and viewing Manager application web pages.\n (CVE-2011-0013)\n\n This update also fixes the following bugs:\n\n * A bug in the 'tomcat6' init script prevented additional Tomcat instances\n from starting. As well, running 'service tomcat6 start' caused\n configuration options applied from '/etc/sysconfig/tomcat6' to be\n overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this update,\n multiple instances of Tomcat run as expected. (BZ#636997)\n\n * The '/usr/share/java/' directory was missing a symbolic link to the\n '/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library was\n mandatory for certain operations (such as running the Jasper JSP\n precompiler), the 'build-jar-repository' command was unable to compose a\n valid classpath. With this update, the missing symbolic link has been\n added. (BZ#661244)\n\n * Previously, the 'tomcat6' init script failed to start Tomcat with a 'This\n account is currently not available.' message when Tomcat was configured to\n run under a user that did not have a valid shell configured as a login\n shell. This update modifies the init script to work correctly regardless of\n the daemon user's login shell. Additionally, these new tomcat6 packages now\n set '/sbin/nologin' as the login shell for the 'tomcat' user upon\n installation, as recommended by deployment best practices. (BZ#678671 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T19:00:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "description": "Oracle Linux Local Security Checks ELSA-2011-0791", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122163", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122163", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0791", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122163\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:06 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0791\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0791 - tomcat6 security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0791\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0791.html\");\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~33.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071550", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_24.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71550\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\");\n script_tag(name:\"solution\", value:\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=272566\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=273662\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=303719\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=320963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=329937\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373987\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=374619\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382043\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386213\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=396401\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=399227\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-24.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71550", "href": "http://plugins.openvas.org/nasl.php?oid=71550", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-24 (apache tomcat)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files.\";\ntag_solution = \"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-24\nhttp://bugs.gentoo.org/show_bug.cgi?id=272566\nhttp://bugs.gentoo.org/show_bug.cgi?id=273662\nhttp://bugs.gentoo.org/show_bug.cgi?id=303719\nhttp://bugs.gentoo.org/show_bug.cgi?id=320963\nhttp://bugs.gentoo.org/show_bug.cgi?id=329937\nhttp://bugs.gentoo.org/show_bug.cgi?id=373987\nhttp://bugs.gentoo.org/show_bug.cgi?id=374619\nhttp://bugs.gentoo.org/show_bug.cgi?id=382043\nhttp://bugs.gentoo.org/show_bug.cgi?id=386213\nhttp://bugs.gentoo.org/show_bug.cgi?id=396401\nhttp://bugs.gentoo.org/show_bug.cgi?id=399227\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-24.\";\n\n \n \nif(description)\n{\n script_id(71550);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-24 (apache tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-servers/tomcat\", unaffected: make_list(\"rge 6.0.35\", \"ge 7.0.23\"), vulnerable: make_list(\"rlt 5.5.34\", \"rlt 6.0.35\", \"lt 7.0.23\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "modified": "2017-08-31T00:00:00", "published": "2011-10-20T00:00:00", "id": "OPENVAS:802336", "href": "http://plugins.openvas.org/nasl.php?oid=802336", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su11-006.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2011-006\n For updates refer to http://support.apple.com/kb/HT1222\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\";\n\nif(description)\n{\n script_id(802336);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT1222\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5000\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5002\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X and Mac OS X Server\nif(\"Mac OS X\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n ## Check for the security update 2011.006\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.", "modified": "2020-04-23T00:00:00", "published": "2011-10-20T00:00:00", "id": "OPENVAS:1361412562310802336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802336", "type": "openvas", "title": "Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802336\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)\");\n script_cve_id(\"CVE-2011-0419\", \"CVE-2011-3192\", \"CVE-2011-0185\", \"CVE-2011-3437\",\n \"CVE-2011-0229\", \"CVE-2011-0230\", \"CVE-2011-1910\", \"CVE-2011-2464\",\n \"CVE-2009-4022\", \"CVE-2010-0097\", \"CVE-2010-3613\", \"CVE-2010-3614\",\n \"CVE-2011-0231\", \"CVE-2011-3246\", \"CVE-2011-0259\", \"CVE-2011-0187\",\n \"CVE-2011-0224\", \"CVE-2011-0260\", \"CVE-2011-3212\", \"CVE-2011-3213\",\n \"CVE-2011-3214\", \"CVE-2011-1755\", \"CVE-2011-3215\", \"CVE-2011-3216\",\n \"CVE-2011-3227\", \"CVE-2011-0707\", \"CVE-2011-3217\", \"CVE-2011-3435\",\n \"CVE-2010-3436\", \"CVE-2010-4645\", \"CVE-2011-0420\", \"CVE-2011-0421\",\n \"CVE-2011-0708\", \"CVE-2011-1092\", \"CVE-2011-1153\", \"CVE-2011-1466\",\n \"CVE-2011-1467\", \"CVE-2011-1468\", \"CVE-2011-1469\", \"CVE-2011-1470\",\n \"CVE-2011-1471\", \"CVE-2011-0411\", \"CVE-2010-1634\", \"CVE-2010-2089\",\n \"CVE-2011-1521\", \"CVE-2011-3228\", \"CVE-2011-0249\", \"CVE-2011-0250\",\n \"CVE-2011-0251\", \"CVE-2011-0252\", \"CVE-2011-3218\", \"CVE-2011-3219\",\n \"CVE-2011-3220\", \"CVE-2011-3221\", \"CVE-2011-3222\", \"CVE-2011-3223\",\n \"CVE-2011-3225\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\",\n \"CVE-2010-4172\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-3224\",\n \"CVE-2011-2690\", \"CVE-2011-2691\", \"CVE-2011-2692\", \"CVE-2011-3436\",\n \"CVE-2011-3226\", \"CVE-2011-0226\");\n script_bugtraq_id(47820, 49303, 50092, 50112, 50091, 50099, 48007, 48566, 37118,\n 37865, 45133, 45137, 50098, 50115, 50067, 46992, 50095, 50120,\n 50109, 50116, 50111, 48250, 50113, 50121, 50129, 46464, 50117,\n 50114, 50146, 50153, 48619, 48660, 48618, 44723, 45668, 46429,\n 46354, 46365, 46786, 46854, 46967, 46968, 46977, 46970, 46969,\n 46975, 46767, 40370, 40863, 47024, 50127, 48993, 49038, 50122,\n 50068, 50130, 50131, 50100, 50101, 50144, 39635, 41544, 46177,\n 45015, 46174, 46164, 50150);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT1222\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5000\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5002\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html\");\n\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.6\\.8\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, inject scripts, bypass certain security\n restrictions or cause a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,\n CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,\n iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,\n Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,\n User Documentation, Web Server and X11.\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2011-006\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"pkg-lib-macosx.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_is_equal(version:osVer, test_version:\"10.6.8\"))\n {\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2011.006\"))\n {\n report = report_fixed_ver(installed_version:osVer, vulnerable_range:\"Equal to 10.6.8\");\n security_message(port:0, data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T00:24:55", "description": "Apache Tomcat 7.0.4 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities. CVE-2010-4172 . Remote exploit for linux platform", "published": "2010-11-22T00:00:00", "type": "exploitdb", "title": "Apache Tomcat <= 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-4172"], "modified": "2010-11-22T00:00:00", "id": "EDB-ID:35011", "href": "https://www.exploit-db.com/exploits/35011/", "sourceData": "source: http://www.securityfocus.com/bid/45015/info\r\n\r\nApache Tomcat is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \r\n\r\nhttp:/www.example.com/html/sessions?path=/&sort=[xss] ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/35011/"}], "nessus": [{"lastseen": "2021-01-01T06:34:16", "description": "It was discovered that Tomcat did not properly escape certain\nparameters in the Manager application which could result in browsers\nbecoming vulnerable to cross-site scripting attacks when processing\nthe output. With cross-site scripting vulnerabilities, if a user were\ntricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-01-25T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerability (USN-1048-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-user", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs", "p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java"], "id": "UBUNTU_USN-1048-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1048-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51669);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4172\");\n script_bugtraq_id(45015);\n script_xref(name:\"USN\", value:\"1048-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerability (USN-1048-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Tomcat did not properly escape certain\nparameters in the Manager application which could result in browsers\nbecoming vulnerable to cross-site scripting attacks when processing\nthe output. With cross-site scripting vulnerabilities, if a user were\ntricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1048-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.20-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-common\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"tomcat6-user\", pkgver:\"6.0.24-2ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libservlet2.5-java\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libservlet2.5-java-doc\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-admin\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-common\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-docs\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-examples\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"tomcat6-user\", pkgver:\"6.0.28-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:06:42", "description": "This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_2_TOMCAT6-110202.NASL", "href": "https://www.tenable.com/plugins/nessus/53806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-3907.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53806);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4172\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)\");\n script_summary(english:\"Check for the tomcat6-3907 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-02/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.31.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:06:42", "description": "This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_2_TOMCAT6-110118.NASL", "href": "https://www.tenable.com/plugins/nessus/53805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-3849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53805);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4172\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)\");\n script_summary(english:\"Check for the tomcat6-3849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.27.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:08:20", "description": "This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_3_TOMCAT6-110118.NASL", "href": "https://www.tenable.com/plugins/nessus/75760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-3849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75760);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-4172\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)\");\n script_summary(english:\"Check for the tomcat6-3849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a cross-site scripting vulnerability that affects\nthe session list screen. This can be used to steal session cookies\nbecause tomcat 6 does not use the httpOnly flag for its cookies.\n(CVE-2010-4172)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-01/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.8.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:09:15", "description": "Updated tomcat6 packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n* A bug in the 'tomcat6' init script prevented additional Tomcat\ninstances from starting. As well, running 'service tomcat6 start'\ncaused configuration options applied from '/etc/sysconfig/tomcat6' to\nbe overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this\nupdate, multiple instances of Tomcat run as expected. (BZ#636997)\n\n* The '/usr/share/java/' directory was missing a symbolic link to the\n'/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library\nwas mandatory for certain operations (such as running the Jasper JSP\nprecompiler), the 'build-jar-repository' command was unable to compose\na valid classpath. With this update, the missing symbolic link has\nbeen added. (BZ#661244)\n\n* Previously, the 'tomcat6' init script failed to start Tomcat with a\n'This account is currently not available.' message when Tomcat was\nconfigured to run under a user that did not have a valid shell\nconfigured as a login shell. This update modifies the init script to\nwork correctly regardless of the daemon user's login shell.\nAdditionally, these new tomcat6 packages now set '/sbin/nologin' as\nthe login shell for the 'tomcat' user upon installation, as\nrecommended by deployment best practices. (BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for\nthe 'tomcat' group, which could cause certain applications to fail\nwith errors such as 'No output folder'. This update adds write\npermissions for the 'tomcat' group to the affected directories.\n(BZ#643809)\n\n* The '/usr/sbin/tomcat6' wrapper script used a hard-coded path to the\n'catalina.out' file, which may have caused problems (such as for\nlogging init script output) if Tomcat was being run with a user other\nthan 'tomcat' and with CATALINA_BASE set to a directory other than the\ndefault. (BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged\nto 'catalina.out' when certain web applications were deployed.\n(BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.", "edition": 28, "published": "2011-05-20T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2011:0791)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2011-05-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api"], "id": "REDHAT-RHSA-2011-0791.NASL", "href": "https://www.tenable.com/plugins/nessus/54601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0791. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54601);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n script_bugtraq_id(45015, 46174, 46177);\n script_xref(name:\"RHSA\", value:\"2011:0791\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2011:0791)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix three security issues and several\nbugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n* A bug in the 'tomcat6' init script prevented additional Tomcat\ninstances from starting. As well, running 'service tomcat6 start'\ncaused configuration options applied from '/etc/sysconfig/tomcat6' to\nbe overwritten with those from '/etc/tomcat6/tomcat6.conf'. With this\nupdate, multiple instances of Tomcat run as expected. (BZ#636997)\n\n* The '/usr/share/java/' directory was missing a symbolic link to the\n'/usr/share/tomcat6/bin/tomcat-juli.jar' library. Because this library\nwas mandatory for certain operations (such as running the Jasper JSP\nprecompiler), the 'build-jar-repository' command was unable to compose\na valid classpath. With this update, the missing symbolic link has\nbeen added. (BZ#661244)\n\n* Previously, the 'tomcat6' init script failed to start Tomcat with a\n'This account is currently not available.' message when Tomcat was\nconfigured to run under a user that did not have a valid shell\nconfigured as a login shell. This update modifies the init script to\nwork correctly regardless of the daemon user's login shell.\nAdditionally, these new tomcat6 packages now set '/sbin/nologin' as\nthe login shell for the 'tomcat' user upon installation, as\nrecommended by deployment best practices. (BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for\nthe 'tomcat' group, which could cause certain applications to fail\nwith errors such as 'No output folder'. This update adds write\npermissions for the 'tomcat' group to the affected directories.\n(BZ#643809)\n\n* The '/usr/sbin/tomcat6' wrapper script used a hard-coded path to the\n'catalina.out' file, which may have caused problems (such as for\nlogging init script output) if Tomcat was being run with a user other\nthan 'tomcat' and with CATALINA_BASE set to a directory other than the\ndefault. (BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged\nto 'catalina.out' when certain web applications were deployed.\n(BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0791\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0791\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-33.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-33.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:45:41", "description": "Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n - A bug in the 'tomcat6' init script prevented additional\n Tomcat instances from starting. As well, running\n 'service tomcat6 start' caused configuration options\n applied from '/etc/sysconfig/tomcat6' to be overwritten\n with those from '/etc/tomcat6/tomcat6.conf'. With this\n update, multiple instances of Tomcat run as expected.\n (BZ#636997)\n\n - The '/usr/share/java/' directory was missing a symbolic\n link to the '/usr/share/tomcat6/bin/tomcat-juli.jar'\n library. Because this library was mandatory for certain\n operations (such as running the Jasper JSP precompiler),\n the 'build-jar-repository' command was unable to compose\n a valid classpath. With this update, the missing\n symbolic link has been added. (BZ#661244)\n\n - Previously, the 'tomcat6' init script failed to start\n Tomcat with a 'This account is currently not available.'\n message when Tomcat was configured to run under a user\n that did not have a valid shell configured as a login\n shell. This update modifies the init script to work\n correctly regardless of the daemon user's login shell.\n Additionally, these new tomcat6 packages now set\n '/sbin/nologin' as the login shell for the 'tomcat' user\n upon installation, as recommended by deployment best\n practices. (BZ#678671)\n\n - Some standard Tomcat directories were missing write\n permissions for the 'tomcat' group, which could cause\n certain applications to fail with errors such as 'No\n output folder'. This update adds write permissions for\n the 'tomcat' group to the affected directories.\n (BZ#643809)\n\n - The '/usr/sbin/tomcat6' wrapper script used a hard-coded\n path to the 'catalina.out' file, which may have caused\n problems (such as for logging init script output) if\n Tomcat was being run with a user other than 'tomcat' and\n with CATALINA_BASE set to a directory other than the\n default. (BZ#695284, BZ#697504)\n\n - Stopping Tomcat could have resulted in traceback errors\n being logged to 'catalina.out' when certain web\n applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110519_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61051);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2011-0013\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was found that web applications could modify the location of the\nTomcat host's work directory. As web applications deployed on Tomcat\nhave read and write access to this directory, a malicious web\napplication could use this flaw to trick Tomcat into giving it read\nand write access to an arbitrary directory on the file system.\n(CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager\napplication, used for managing web applications on Tomcat. If a remote\nattacker could trick a user who is logged into the Manager application\ninto visiting a specially crafted URL, the attacker could perform\nManager application tasks with the privileges of the logged in user.\n(CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to\nconduct an XSS attack, leading to arbitrary web script execution with\nthe privileges of victims who are logged into and viewing Manager\napplication web pages. (CVE-2011-0013)\n\nThis update also fixes the following bugs :\n\n - A bug in the 'tomcat6' init script prevented additional\n Tomcat instances from starting. As well, running\n 'service tomcat6 start' caused configuration options\n applied from '/etc/sysconfig/tomcat6' to be overwritten\n with those from '/etc/tomcat6/tomcat6.conf'. With this\n update, multiple instances of Tomcat run as expected.\n (BZ#636997)\n\n - The '/usr/share/java/' directory was missing a symbolic\n link to the '/usr/share/tomcat6/bin/tomcat-juli.jar'\n library. Because this library was mandatory for certain\n operations (such as running the Jasper JSP precompiler),\n the 'build-jar-repository' command was unable to compose\n a valid classpath. With this update, the missing\n symbolic link has been added. (BZ#661244)\n\n - Previously, the 'tomcat6' init script failed to start\n Tomcat with a 'This account is currently not available.'\n message when Tomcat was configured to run under a user\n that did not have a valid shell configured as a login\n shell. This update modifies the init script to work\n correctly regardless of the daemon user's login shell.\n Additionally, these new tomcat6 packages now set\n '/sbin/nologin' as the login shell for the 'tomcat' user\n upon installation, as recommended by deployment best\n practices. (BZ#678671)\n\n - Some standard Tomcat directories were missing write\n permissions for the 'tomcat' group, which could cause\n certain applications to fail with errors such as 'No\n output folder'. This update adds write permissions for\n the 'tomcat' group to the affected directories.\n (BZ#643809)\n\n - The '/usr/sbin/tomcat6' wrapper script used a hard-coded\n path to the 'catalina.out' file, which may have caused\n problems (such as for logging init script output) if\n Tomcat was being run with a user other than 'tomcat' and\n with CATALINA_BASE set to a directory other than the\n default. (BZ#695284, BZ#697504)\n\n - Stopping Tomcat could have resulted in traceback errors\n being logged to 'catalina.out' when certain web\n applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=636997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=643809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=661244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=678671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=695284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=697504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698624\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=2006\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5e979a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-33.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-33.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-14T19:09:28", "description": "According to its self-reported version number, the instance of Apache\nTomcat 6.0.x listening on the remote host is prior to 6.0.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute that holds the location of the work directory\n in Tomcat's SecurityManager. A malicious web application\n can modify the location of the working directory which\n then allows improper read and write access to arbitrary\n files and directories in the context of Tomcat.\n (CVE-2010-3718)\n\n - An input validation error exists in the Manager\n application in that it fails to filter the 'sort' and\n 'orderBy' input parameters. (CVE-2010-4172)\n\n - The default configuration does not include the HTTPOnly\n flag in a Set-Cookie header, which makes it easier for\n remote attackers to hijack a session via script access\n to a cookie. (CVE-2010-4312)\n\n - An input validation error exists in the HTML manager\n application in that it fails to filter various input\n data before returning it to the browser. (CVE-2011-0013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2011-02-14T00:00:00", "title": "Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4312", "CVE-2010-4172", "CVE-2011-0013", "CVE-2010-3718"], "modified": "2011-02-14T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_30.NASL", "href": "https://www.tenable.com/plugins/nessus/51975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51975);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\");\n script_bugtraq_id(45015, 46174, 46177);\n script_xref(name:\"Secunia\", value:\"42337\");\n script_xref(name:\"Secunia\", value:\"43194\");\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0.x listening on the remote host is prior to 6.0.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute that holds the location of the work directory\n in Tomcat's SecurityManager. A malicious web application\n can modify the location of the working directory which\n then allows improper read and write access to arbitrary\n files and directories in the context of Tomcat.\n (CVE-2010-3718)\n\n - An input validation error exists in the Manager\n application in that it fails to filter the 'sort' and\n 'orderBy' input parameters. (CVE-2010-4172)\n\n - The default configuration does not include the HTTPOnly\n flag in a Set-Cookie header, which makes it easier for\n remote attackers to hijack a session via script access\n to a cookie. (CVE-2010-4312)\n\n - An input validation error exists in the HTML manager\n application in that it fails to filter various input\n data before returning it to the browser. (CVE-2011-0013)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2010/Nov/283\");\n script_set_attribute(attribute:\"solution\", value:\"Update Apache Tomcat to version 6.0.30 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-4312\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.30\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-07T10:54:20", "description": "The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 4.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}, "published": "2012-06-25T00:00:00", "title": "GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "modified": "2012-06-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:tomcat"], "id": "GENTOO_GLSA-201206-24.NASL", "href": "https://www.tenable.com/plugins/nessus/59677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-24.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59677);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\", \"CVE-2010-3718\", \"CVE-2010-4172\", \"CVE-2010-4312\", \"CVE-2011-0013\", \"CVE-2011-0534\", \"CVE-2011-1088\", \"CVE-2011-1183\", \"CVE-2011-1184\", \"CVE-2011-1419\", \"CVE-2011-1475\", \"CVE-2011-1582\", \"CVE-2011-2204\", \"CVE-2011-2481\", \"CVE-2011-2526\", \"CVE-2011-2729\", \"CVE-2011-3190\", \"CVE-2011-3375\", \"CVE-2011-4858\", \"CVE-2011-5062\", \"CVE-2011-5063\", \"CVE-2011-5064\", \"CVE-2012-0022\");\n script_bugtraq_id(35193, 35196, 35263, 35416, 37942, 37944, 37945, 39635, 41544, 45015, 46164, 46174, 46177, 46685, 47196, 47199, 47886, 48456, 48667, 49143, 49147, 49353, 49762, 51200, 51442, 51447);\n script_xref(name:\"GLSA\", value:\"201206-24\");\n\n script_name(english:\"GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-24\n(Apache Tomcat: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache Tomcat. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n The vulnerabilities allow an attacker to cause a Denial of Service, to\n hijack a session, to bypass authentication, to inject webscript, to\n enumerate valid usernames, to read, modify and overwrite arbitrary files,\n to bypass intended access restrictions, to delete work-directory files,\n to discover the server’s hostname or IP, to bypass read permissions for\n files or HTTP headers, to read or write files outside of the intended\n working directory, and to obtain sensitive information by reading a log\n file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache Tomcat 6.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-6.0.35'\n All Apache Tomcat 7.0.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/tomcat-7.0.23'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 200, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/tomcat\", unaffected:make_list(\"rge 6.0.35\", \"ge 7.0.23\", \"rge 6.0.44\", \"rge 6.0.45\", \"rge 6.0.46\", \"rge 6.0.47\", \"rge 6.0.48\"), vulnerable:make_list(\"lt 7.0.23\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache Tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:25:31", "description": "The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11", "edition": 24, "published": "2011-10-13T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2011-006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-0259", "CVE-2011-1466", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-2690", "CVE-2011-0411", "CVE-2009-4022", "CVE-2011-1910"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2011-006.NASL", "href": "https://www.tenable.com/plugins/nessus/56481", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs.\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56481);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-4022\",\n \"CVE-2010-0097\",\n \"CVE-2010-1157\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2010-2227\",\n \"CVE-2010-3436\",\n \"CVE-2010-3613\",\n \"CVE-2010-3614\",\n \"CVE-2010-3718\",\n \"CVE-2010-4172\",\n \"CVE-2010-4645\",\n \"CVE-2011-0013\",\n \"CVE-2011-0185\",\n \"CVE-2011-0224\",\n \"CVE-2011-0229\",\n \"CVE-2011-0230\",\n \"CVE-2011-0231\",\n \"CVE-2011-0249\",\n \"CVE-2011-0250\",\n \"CVE-2011-0251\",\n \"CVE-2011-0252\",\n \"CVE-2011-0259\",\n \"CVE-2011-0411\",\n \"CVE-2011-0419\",\n \"CVE-2011-0420\",\n \"CVE-2011-0421\",\n \"CVE-2011-0534\",\n \"CVE-2011-0707\",\n \"CVE-2011-0708\",\n \"CVE-2011-1092\",\n \"CVE-2011-1153\",\n \"CVE-2011-1466\",\n \"CVE-2011-1467\",\n \"CVE-2011-1468\",\n \"CVE-2011-1469\",\n \"CVE-2011-1470\",\n \"CVE-2011-1471\",\n \"CVE-2011-1521\",\n \"CVE-2011-1755\",\n \"CVE-2011-1910\",\n \"CVE-2011-2464\",\n \"CVE-2011-2690\",\n \"CVE-2011-2691\",\n \"CVE-2011-2692\",\n \"CVE-2011-3192\",\n \"CVE-2011-3213\",\n \"CVE-2011-3214\",\n \"CVE-2011-3217\",\n \"CVE-2011-3218\",\n \"CVE-2011-3219\",\n \"CVE-2011-3220\",\n \"CVE-2011-3221\",\n \"CVE-2011-3222\",\n \"CVE-2011-3223\",\n \"CVE-2011-3224\",\n \"CVE-2011-3228\"\n );\n script_bugtraq_id(\n 37118,\n 37865,\n 39635,\n 40370,\n 40863,\n 41544,\n 44723,\n 45015,\n 45133,\n 45137,\n 45668,\n 46164,\n 46174,\n 46177,\n 46354,\n 46365,\n 46429,\n 46464,\n 46767,\n 46786,\n 46854,\n 46967,\n 46968,\n 46969,\n 46970,\n 46975,\n 46977,\n 48007,\n 48250,\n 48566,\n 48618,\n 48660,\n 49303,\n 50085,\n 50091,\n 50092,\n 50095,\n 50098,\n 50100,\n 50101,\n 50111,\n 50116,\n 50117,\n 50122,\n 50127,\n 50130,\n 50131,\n 50150 \n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2011-006)\");\n script_summary(english:\"Check for the presence of Security Update 2011-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6 that does not\nhave Security Update 2011-006 applied. This update contains numerous\nsecurity-related fixes for the following components :\n\n - Apache\n - Application Firewall\n - ATS\n - BIND\n - Certificate Trust Policy\n - CFNetwork\n - CoreFoundation\n - CoreMedia\n - File Systems\n - IOGraphics\n - iChat Server\n - Mailman\n - MediaKit\n - PHP\n - postfix\n - python\n - QuickTime\n - Tomcat\n - User Documentation\n - Web Server\n - X11\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-295/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-11-303/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-12-136/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/523931/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5002\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2011/Oct/msg00003.html\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2011-006 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os)) \n{\n packages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2011\\.00[6-9]|201[2-9]\\.[0-9]+)(\\.snowleopard[0-9.]*)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2011-006 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running \"+os+\" and therefore is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was found that web applications could modify the location of the Tomcat\nhost's work directory. As web applications deployed on Tomcat have read and\nwrite access to this directory, a malicious web application could use this\nflaw to trick Tomcat into giving it read and write access to an arbitrary\ndirectory on the file system. (CVE-2010-3718)\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Tomcat. If a remote attacker could\ntrick a user who is logged into the Manager application into visiting a\nspecially-crafted URL, the attacker could perform Manager application tasks\nwith the privileges of the logged in user. (CVE-2010-4172)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nThis update also fixes the following bugs:\n\n* A bug in the \"tomcat6\" init script prevented additional Tomcat instances\nfrom starting. As well, running \"service tomcat6 start\" caused\nconfiguration options applied from \"/etc/sysconfig/tomcat6\" to be\noverwritten with those from \"/etc/tomcat6/tomcat6.conf\". With this update,\nmultiple instances of Tomcat run as expected. (BZ#636997)\n\n* The \"/usr/share/java/\" directory was missing a symbolic link to the\n\"/usr/share/tomcat6/bin/tomcat-juli.jar\" library. Because this library was\nmandatory for certain operations (such as running the Jasper JSP\nprecompiler), the \"build-jar-repository\" command was unable to compose a\nvalid classpath. With this update, the missing symbolic link has been\nadded. (BZ#661244)\n\n* Previously, the \"tomcat6\" init script failed to start Tomcat with a \"This\naccount is currently not available.\" message when Tomcat was configured to\nrun under a user that did not have a valid shell configured as a login\nshell. This update modifies the init script to work correctly regardless of\nthe daemon user's login shell. Additionally, these new tomcat6 packages now\nset \"/sbin/nologin\" as the login shell for the \"tomcat\" user upon\ninstallation, as recommended by deployment best practices. (BZ#678671)\n\n* Some standard Tomcat directories were missing write permissions for the\n\"tomcat\" group, which could cause certain applications to fail with errors\nsuch as \"No output folder\". This update adds write permissions for the\n\"tomcat\" group to the affected directories. (BZ#643809)\n\n* The \"/usr/sbin/tomcat6\" wrapper script used a hard-coded path to the\n\"catalina.out\" file, which may have caused problems (such as for logging\ninit script output) if Tomcat was being run with a user other than \"tomcat\"\nand with CATALINA_BASE set to a directory other than the default.\n(BZ#695284, BZ#697504)\n\n* Stopping Tomcat could have resulted in traceback errors being logged to\n\"catalina.out\" when certain web applications were deployed. (BZ#698624)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Tomcat must be restarted for\nthis update to take effect.\n", "modified": "2018-06-06T20:24:35", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0791", "href": "https://access.redhat.com/errata/RHSA-2011:0791", "type": "redhat", "title": "(RHSA-2011:0791) Moderate: tomcat6 security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-11T13:31:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1157", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0419", "CVE-2012-4557"], "description": "JBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications.\n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release\nserves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes\na number of bug fixes. Refer to the Release Notes, linked in the\nReferences, for more information.\n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. (CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host's work directory. As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the '*' wildcard. An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. Note: This issue only\naffected the JBoss Enterprise Web Server packages on Red Hat Enterprise\nLinux 4. (CVE-2010-1623)\n\nAll users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to\nJBoss Enterprise Web Server 1.0.2, which corrects these issues. After\ninstalling this update, the relevant Apache Tomcat service (\"tomcat5\" or\n\"tomcat6\") and the Apache HTTP Server (\"httpd\") must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-07T02:42:41", "published": "2011-06-22T04:00:00", "id": "RHSA-2011:0897", "href": "https://access.redhat.com/errata/RHSA-2011:0897", "type": "redhat", "title": "(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0534", "CVE-2010-4476", "CVE-2010-3718"], "description": "[6.0.24-33]\n- resolves: rhbz 695284 - multiple instances logging fiasco\n[6.0.24-32]\n- Resolves: rhbz 698624 - inet4address can't be cast to String\n[6.0.24-31]\n- Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error\n[6.0.24-30]\n- Resolves: rhbz#697504 initscript logging location\n[6.0.24-29]\n- Resolves: rhbz#656403, rhbz#675926, rhbz#676011\n- CVE-2010-4172, CVE-2010-3718, CVE-2011-0013, CVE-2010-4476,\n- CVE-2011-0534\n[6.0.24-28]\n- Resovles rhbz#695284 - wrapper logs to different locations\n- CVE-2010-4172, CVE-2011-0013, CVE-2010-3718 commented out \n- until needed.\n[6.0.24-27]\n- naming-factory-dbcp missing fix in tomcat6.conf\n- Add Obsoletes for log4j\n[6.0.24-26]\n- Add log4j to package lib. Corrected typo in log4 Provides\n- epock versus epoch\n[6.0.24-25]\n- Installed permissions do not allow tomcat to start\n- incrementing NVR so yum won't get confused with the zstream", "edition": 4, "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0791", "href": "http://linux.oracle.com/errata/ELSA-2011-0791.html", "title": "tomcat6 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2012-06-24T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}

Apache Tomcat 6.x &lt; 6.0.30 / 7.x &lt; 7.0.5 Multiple XSS

Description

Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS