{"id": "TOMCAT_SNOOP_URI_XSS.NASL", "bulletinFamily": "scanner", "title": "Apache Tomcat snoop.jsp URI XSS", "description": "The remote Apache Tomcat web server includes an example JSP\napplication, 'snoop.jsp', that fails to sanitize user-supplied input\nbefore using it to generate dynamic content. An unauthenticated,\nremote attacker can exploit this issue to inject arbitrary HTML or\nscript code into a user's browser to be executed within the security\ncontext of the affected site.", "published": "2007-06-18T00:00:00", "modified": "2007-06-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/25525", "reporter": "This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.", "references": ["https://seclists.org/bugtraq/2007/Jun/182"], "cvelist": ["CVE-2007-2449"], "type": "nessus", "lastseen": "2021-01-20T15:18:47", "edition": 29, "viewCount": 663, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2449"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:57183"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17267", "SECURITYVULNS:VULN:7815", "SECURITYVULNS:DOC:21244"]}, {"type": "jvn", "idList": ["JVN:64851600"]}, {"type": "exploitdb", "idList": ["EDB-ID:30189"]}, {"type": "osvdb", "idList": ["OSVDB:36080"]}, {"type": "centos", "idList": ["CESA-2007:0569"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0569"]}, {"type": "redhat", "idList": ["RHSA-2007:0569", "RHSA-2008:0524", "RHSA-2008:0630", "RHSA-2007:0876", "RHSA-2008:0261"]}, {"type": "openvas", "idList": ["OPENVAS:861582", "OPENVAS:136141256231065993", "OPENVAS:136141256231065285", "OPENVAS:1361412562310830069", "OPENVAS:65285", "OPENVAS:830069", "OPENVAS:1361412562310122674", "OPENVAS:861516", "OPENVAS:860524", "OPENVAS:65993"]}, {"type": "nessus", "idList": ["SUSE_TOMCAT55-5069.NASL", "TOMCAT_6_0_14.NASL", "SL_20070717_TOMCAT_ON_SL5_X.NASL", "TOMCAT_5_5_25.NASL", "SUSE_TOMCAT5-5070.NASL", "SUSE9_12116.NASL", "REDHAT-RHSA-2007-0569.NASL", "SUSE_TOMCAT5-5071.NASL", "ORACLELINUX_ELSA-2007-0569.NASL", "CENTOS_RHSA-2007-0569.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M1D4RW3M004324", "FEDORA:EC5A9208DCA", "FEDORA:LAH5YH76010685", "FEDORA:LAH5BMCQ011096", "FEDORA:M1D5DC2X006390"]}], "modified": "2021-01-20T15:18:47", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-01-20T15:18:47", "rev": 2}, "vulnersScore": 5.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25525);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2449\");\n script_bugtraq_id(24476);\n\n script_name(english:\"Apache Tomcat snoop.jsp URI XSS\");\n script_summary(english:\"Checks for an XSS flaw in Tomcat's snoop.jsp.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat web server contains a JSP application that is\naffected by a cross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Apache Tomcat web server includes an example JSP\napplication, 'snoop.jsp', that fails to sanitize user-supplied input\nbefore using it to generate dynamic content. An unauthenticated,\nremote attacker can exploit this issue to inject arbitrary HTML or\nscript code into a user's browser to be executed within the security\ncontext of the affected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/182\");\n script_set_attribute(attribute:\"solution\", value:\"Undeploy the Tomcat examples web application.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache Tomcat\", exit_if_zero:TRUE);\nport = get_http_port(default:8080);\ninstall = get_single_install(app_name:\"Apache Tomcat\", port:port);\n\nget_kb_item_or_exit(\"www/\"+port+\"/generic_xss\");\n\n# Send a request to exploit the flaw.\nxss = raw_string(\"<script>alert('\", SCRIPT_NAME, \"')</script>\");\nexploit = string(\";\", xss, \"test.jsp\");\nforeach dir (make_list(\"/examples/jsp\", \"/jsp-examples\"))\n{\n if (\"/examples/jsp\" == dir)\n {\n w = http_send_recv3(\n method:\"GET\", \n item:string(dir, \"/snp/snoop.jsp\"), \n port:port, \n add_headers: make_array(\"Host\", xss),\n exit_on_fail:TRUE\n );\n }\n else\n {\n w = http_send_recv3(\n method: \"GET\", \n item:string(dir, \"/snp/snoop.jsp\", exploit), \n port:port, \n exit_on_fail:TRUE\n );\n }\n res = w[2];\n\n # There's a problem if our exploit appears in the request URI.\n if (\n (\"/examples/jsp\" == dir && string(\"Server name: \", xss) >< res) ||\n (string(\"Request URI: /jsp-examples/snp/snoop.jsp\", exploit) >< res)\n ) \n {\n if (report_verbosity > 0)\n {\n report = \n '\\n' + 'Nessus was able to exploit the issue using the following HTTP request :' +\n '\\n' +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) + \n '\\n' + chomp(http_last_sent_request()) +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n }\n}\naudit(AUDIT_LISTEN_NOT_VULN, \"Apache Tomcat\", port, install[\"version\"]);\n", "naslFamily": "CGI abuses : XSS", "pluginID": "25525", "cpe": ["cpe:/a:apache:tomcat"], "scheme": null, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}

{"cve": [{"lastseen": "2021-02-02T05:31:23", "description": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", "edition": 7, "cvss3": {}, "published": "2007-06-14T23:30:00", "title": "CVE-2007-2449", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2449"], "modified": "2019-03-25T11:29:00", "cpe": ["cpe:/a:apache:tomcat:4.1.36", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:4.0.3", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.0.5", "cpe:/a:apache:tomcat:4.0.4", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:5.0.26", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:5.0.10", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:5.0.11", "cpe:/a:apache:tomcat:5.0.14", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:5.0.13", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:4.0.2", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.0.27", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.0.2", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:5.0.21", "cpe:/a:apache:tomcat:5.0.28", "cpe:/a:apache:tomcat:5.0.6", "cpe:/a:apache:tomcat:5.0.8", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:5.0.19", "cpe:/a:apache:tomcat:5.0.17", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:4.0.0", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.0.24", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:5.0.22", "cpe:/a:apache:tomcat:5.0.25", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.0.3", "cpe:/a:apache:tomcat:5.0.12", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.0.4", "cpe:/a:apache:tomcat:5.0.0", "cpe:/a:apache:tomcat:5.0.30", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:5.0.1", "cpe:/a:apache:tomcat:5.0.18", "cpe:/a:apache:tomcat:5.0.7", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:5.0.16", "cpe:/a:apache:tomcat:4.0.5", "cpe:/a:apache:tomcat:5.0.29", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:5.0.23", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.0.15", "cpe:/a:apache:tomcat:5.0.9", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:4.0.1"], "id": "CVE-2007-2449", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2449", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:16:48", "description": "", "published": "2007-06-15T00:00:00", "type": "packetstorm", "title": "CVE-2007-2449.txt", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2449"], "modified": "2007-06-15T00:00:00", "id": "PACKETSTORM:57183", "href": "https://packetstormsecurity.com/files/57183/CVE-2007-2449.txt.html", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \nCVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples \n \nSeverity: low (cross-site scripting) \n \nVendor: \nThe Apache Software Foundation \n \nVersions Affected: \nTomcat 4.0.0 to 4.0.6 \nTomcat 4.1.0 to 4.1.36 \nTomcat 5.0.0 to 5.0.30 \nTomcat 5.5.0 to 5.5.24 \nTomcat 6.0.0 to 6.0.13 \n \nDescription: \nThe JSP examples web application displays does not escape some user \nprovided data before including it in the output. This enables a XSS \nattack. \n \nMitigation: \n1. Undeploy the examples web application(s). \n \nExample: \nhttp://host:port/jsp-examples/snp/snoop.jsp;<script>alert()</script>test.jsp \n \nCredit: \nThese issues were discovered by an unknown security researcher and \nreported to JPCERT. \n \nReferences: \nhttp://tomcat.apache.org/security.html \n \nMark Thomas \n \n \n \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.4.7 (MingW32) \nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org \n \niD8DBQFGcKbJb7IeiTPGAkMRAi9BAKDsuoomGh2n9BYl7mT/tGEjQ+HIlQCdHjnU \nzdreMwViLR/bDBnys5YkhPk= \n=SK7+ \n-----END PGP SIGNATURE----- \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/57183/CVE-2007-2449.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-2449"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples\r\n\r\nSeverity: low &#40;cross-site scripting&#41;\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 4.0.0 to 4.0.6\r\nTomcat 4.1.0 to 4.1.36\r\nTomcat 5.0.0 to 5.0.30\r\nTomcat 5.5.0 to 5.5.24\r\nTomcat 6.0.0 to 6.0.13\r\n\r\nDescription:\r\nThe JSP examples web application displays does not escape some user\r\nprovided data before including it in the output. This enables a XSS\r\nattack.\r\n\r\nMitigation:\r\n1. Undeploy the examples web application&#40;s&#41;.\r\n\r\nExample:\r\nhttp://host:port/jsp-examples/snp/snoop.jsp;&lt;script&gt;alert&#40;&#41;&lt;/script&gt;test.jsp\r\n\r\nCredit:\r\nThese issues were discovered by an unknown security researcher and\r\nreported to JPCERT.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;MingW32&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFGcKbJb7IeiTPGAkMRAi9BAKDsuoomGh2n9BYl7mT/tGEjQ+HIlQCdHjnU\r\nzdreMwViLR/bDBnys5YkhPk=\r\n=SK7+\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2007-06-14T00:00:00", "published": "2007-06-14T00:00:00", "id": "SECURITYVULNS:DOC:17267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17267", "title": "[Full-disclosure] [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "description": "Crossite scripting with Manager / Host Manager or JSP pages examples.", "edition": 1, "modified": "2007-06-14T00:00:00", "published": "2007-06-14T00:00:00", "id": "SECURITYVULNS:VULN:7815", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7815", "title": "Apache Tomcat crossite scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-1355", "CVE-2005-2090", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2006-7195", "CVE-2007-0450", "CVE-2008-0128", "CVE-2006-7196", "CVE-2007-3385", "CVE-2005-3510", "CVE-2007-1358", "CVE-2007-1858", "CVE-2006-3835"], "description": "Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\r\n\r\n\r\nCA Advisory Reference: CA20090123-01\r\n\r\n\r\nCA Advisory Date: 2009-01-23\r\n\r\n\r\nReported By: n/a\r\n\r\n\r\nImpact: Refer to the CVE identifiers for details.\r\n\r\n\r\nSummary: Multiple security risks exist in Apache Tomcat as \r\nincluded with CA Cohesion Application Configuration Manager. CA \r\nhas issued an update to address the vulnerabilities. Refer to the \r\nReferences section for the full list of resolved issues by CVE \r\nidentifier.\r\n\r\n\r\nMitigating Factors: None\r\n\r\n\r\nSeverity: CA has given these vulnerabilities a Medium risk rating.\r\n\r\n\r\nAffected Products:\r\nCA Cohesion Application Configuration Manager 4.5\r\n\r\n\r\nNon-Affected Products\r\nCA Cohesion Application Configuration Manager 4.5 SP1\r\n\r\n\r\nAffected Platforms:\r\nWindows\r\n\r\n\r\nStatus and Recommendation:\r\nCA has issued the following update to address the vulnerabilities.\r\n\r\nCA Cohesion Application Configuration Manager 4.5:\r\n\r\nRO04648\r\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\r\n&amp;searchID=RO04648\r\n\r\n\r\nHow to determine if you are affected:\r\n\r\n1. Using Windows Explorer, locate the file &quot;RELEASE-NOTES&quot;.\r\n2. By default, the file is located in the \r\n &quot;C:&#92;Program Files&#92;CA&#92;Cohesion&#92;Server&#92;server&#92;&quot; directory.\r\n3. Open the file with a text editor.\r\n4. If the version is less than 5.5.25, the installation is \r\n vulnerable.\r\n\r\n\r\nWorkaround: None\r\n\r\n\r\nReferences &#40;URLs may wrap&#41;:\r\nCA Support:\r\nhttp://support.ca.com/\r\nCA20090123-01: Security Notice for Cohesion Tomcat\r\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\r\n40\r\nSolution Document Reference APARs:\r\nRO04648\r\nCA Security Response Blog posting:\r\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\r\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\r\nReported By: \r\nn/a\r\nCVE References:\r\nCVE-2005-2090\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\r\nCVE-2005-3510\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\r\nCVE-2006-3835\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\r\nCVE-2006-7195\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\r\nCVE-2006-7196\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\r\nCVE-2007-0450\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\r\nCVE-2007-1355\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\r\nCVE-2007-1358\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\r\nCVE-2007-1858\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\r\nCVE-2007-2449\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\r\nCVE-2007-2450\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\r\nCVE-2007-3382\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\r\nCVE-2007-3385 *\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\r\nCVE-2007-3386\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\r\nCVE-2008-0128\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\r\n*Note: the issue was not completely fixed by Tomcat maintainers.\r\nOSVDB References: Pending\r\nhttp://osvdb.org/\r\n\r\n\r\nChangelog for this advisory:\r\nv1.0 - Initial Release\r\nv1.1 - Updated Impact, Summary, Affected Products\r\n\r\n\r\nCustomers who require additional information should contact CA\r\nTechnical Support at http://support.ca.com.\r\n\r\nFor technical questions or comments related to this advisory, \r\nplease send email to vuln AT ca DOT com.\r\n\r\nIf you discover a vulnerability in CA products, please report your \r\nfindings to the CA Product Vulnerability Response Team.\r\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\r\n82\r\n\r\n\r\nRegards,\r\nKen Williams, Director ; 0xE2941985\r\nCA Product Vulnerability Response Team\r\n\r\n\r\nCA, 1 CA Plaza, Islandia, NY 11749\r\n \r\nContact http://www.ca.com/us/contact/\r\nLegal Notice http://www.ca.com/us/legal/\r\nPrivacy Policy http://www.ca.com/us/privacy/\r\nCopyright &#40;c&#41; 2009 CA. All rights reserved.", "edition": 1, "modified": "2009-01-28T00:00:00", "published": "2009-01-28T00:00:00", "id": "SECURITYVULNS:DOC:21244", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21244", "title": "CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "jvn": [{"lastseen": "2019-05-29T17:21:31", "bulletinFamily": "info", "cvelist": ["CVE-2007-2449"], "description": "\n ## Description\n\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. \njsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability. \n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n ## Solution\n\n**Update the Software** \nUpdate to Apache Tomcat 6.0.14, available from the developer as of August 9, 2007. \n \n**Workarounds** \nAvoid installing the sample program. \nWe recommend that users of Apache Tomcat 4.x and 5.x apply the above workaround, as the latest version is not available yet. \n \n\n\n ## Products Affected\n\n * Apache Tomcat 4.0.0 - 4.0.6\n * Apache Tomcat 4.1.0 - 4.1.36\n * Apache Tomcat 5.0.0 - 5.0.30\n * Apache Tomcat 5.5.0 - 5.5.24\n * Apache Tomcat 6.0.0 - 6.0.13\n", "edition": 4, "modified": "2008-05-21T00:00:00", "published": "2007-06-15T00:00:00", "id": "JVN:64851600", "href": "http://jvn.jp/en/jp/JVN64851600/index.html", "title": "JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T11:55:51", "description": "Apache Tomcat 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability. CVE-2007-2449. Webapps exploit for jsp platform", "published": "2007-06-14T00:00:00", "type": "exploitdb", "title": "Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2449"], "modified": "2007-06-14T00:00:00", "id": "EDB-ID:30189", "href": "https://www.exploit-db.com/exploits/30189/", "sourceData": "source: http://www.securityfocus.com/bid/24476/info\r\n\r\nApache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nExploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.\r\n\r\nhttp:/;www.example.com/jsp-examples/snp/snoop.jsp;[xss] ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30189/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2449"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-6.html\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-5.html\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-4.html\nSecurity Tracker: 1018245\n[Secunia Advisory ID:26076](https://secuniaresearch.flexerasoftware.com/advisories/26076/)\n[Secunia Advisory ID:27727](https://secuniaresearch.flexerasoftware.com/advisories/27727/)\nRedHat RHSA: RHSA-2007:0569\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0183.html\nISS X-Force ID: 34869\nFrSIRT Advisory: ADV-2007-2213\n[CVE-2007-2449](https://vulners.com/cve/CVE-2007-2449)\nBugtraq ID: 24476\n", "edition": 1, "modified": "2007-06-13T00:00:00", "published": "2007-06-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:36080", "id": "OSVDB:36080", "title": "Apache Tomcat JSP Examples Crafted URI XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0569\n\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages (JSP)\r\ntechnologies.\r\n\r\nSome JSPs within the 'examples' web application did not escape user\r\nprovided data. If the JSP examples were accessible, this flaw could allow a\r\nremote attacker to perform cross-site scripting attacks (CVE-2007-2449).\r\n\r\nNote: it is recommended the 'examples' web application not be installed on\r\na production system.\r\n\r\nThe Manager and Host Manager web applications did not escape user provided\r\ndata. If a user is logged in to the Manager or Host Manager web\r\napplication, an attacker could perform a cross-site scripting attack\r\n(CVE-2007-2450).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026105.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026106.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026293.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-September/026294.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0569.html", "edition": 3, "modified": "2007-09-28T08:06:39", "published": "2007-07-22T15:57:46", "href": "http://lists.centos.org/pipermail/centos-announce/2007-July/026105.html", "id": "CESA-2007:0569", "title": "tomcat5 security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2449", "CVE-2007-2450"], "description": "Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP)\r\ntechnologies.\r\n\r\nSome JSPs within the 'examples' web application did not escape user\r\nprovided data. If the JSP examples were accessible, this flaw could allow a\r\nremote attacker to perform cross-site scripting attacks (CVE-2007-2449).\r\n\r\nNote: it is recommended the 'examples' web application not be installed on\r\na production system.\r\n\r\nThe Manager and Host Manager web applications did not escape user provided\r\ndata. If a user is logged in to the Manager or Host Manager web\r\napplication, an attacker could perform a cross-site scripting attack\r\n(CVE-2007-2450).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches to correct these issues.", "modified": "2017-09-08T12:12:24", "published": "2007-07-17T04:00:00", "id": "RHSA-2007:0569", "href": "https://access.redhat.com/errata/RHSA-2007:0569", "type": "redhat", "title": "(RHSA-2007:0569) Moderate: tomcat security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386"], "description": "Tomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat incorrectly handled \"Accept-Language\" headers that do not conform to\r\nRFC 2616. An attacker was able to perform cross-site scripting (XSS)\r\nattacks in certain applications (CVE-2007-1358).\r\n\r\nSome JSPs within the 'examples' web application did not escape user\r\nprovided data. If the JSP examples were accessible, this flaw could allow a\r\nremote attacker to perform cross-site scripting attacks (CVE-2007-2449).\r\n\r\nNote: it is recommended the 'examples' web application not be installed on\r\na production system.\r\n\r\nThe Manager and Host Manager web applications did not escape user provided\r\ndata. If a user is logged in to the Manager or Host Manager web\r\napplication, an attacker could perform a cross-site scripting attack\r\n(CVE-2007-2450). \r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA cross-site scripting (XSS) vulnerability existed in the Host Manager\r\nServlet. This allowed remote attackers to inject arbitrary HTML and web\r\nscript via crafted requests (CVE-2007-3386).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "modified": "2019-03-22T23:43:59", "published": "2007-10-11T04:00:00", "id": "RHSA-2007:0876", "href": "https://access.redhat.com/errata/RHSA-2007:0876", "type": "redhat", "title": "(RHSA-2007:0876) Moderate: tomcat security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-5461", "CVE-2007-6306", "CVE-2008-0128", "CVE-2008-2369"], "description": "During an internal security audit, it was discovered that Red Hat Network\nSatellite Server shipped with an XML-RPC script, manzier.pxt, which had a\nsingle hard-coded authentication key. A remote attacker who is able to\nconnect to the Satellite Server XML-RPC service could use this flaw to\nobtain limited information about Satellite Server users, such as login\nnames, associated email addresses, internal user IDs, and partial\ninformation about entitlements. (CVE-2008-2369)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of Red Hat Network Satellite Server 5.1. In a\ntypical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,\nCVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,\nCVE-2008-0128)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", "modified": "2019-03-22T23:44:36", "published": "2008-08-13T04:00:00", "id": "RHSA-2008:0630", "href": "https://access.redhat.com/errata/RHSA-2008:0630", "type": "redhat", "title": "(RHSA-2008:0630) Low: Red Hat Network Satellite Server security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0885", "CVE-2004-0914", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server 4.2. In\na typical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.", "modified": "2019-03-22T23:44:23", "published": "2008-06-30T04:00:00", "id": "RHSA-2008:0524", "href": "https://access.redhat.com/errata/RHSA-2008:0524", "type": "redhat", "title": "(RHSA-2008:0524) Low: Red Hat Network Satellite Server security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0885", "CVE-2005-0605", "CVE-2005-2090", "CVE-2005-3510", "CVE-2005-3964", "CVE-2005-4838", "CVE-2006-0254", "CVE-2006-0898", "CVE-2006-1329", "CVE-2006-3835", "CVE-2006-5752", "CVE-2006-7195", "CVE-2006-7196", "CVE-2006-7197", "CVE-2007-0243", "CVE-2007-0450", "CVE-2007-1349", "CVE-2007-1355", "CVE-2007-1358", "CVE-2007-1860", "CVE-2007-2435", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3304", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-5461", "CVE-2007-5961", "CVE-2007-6306", "CVE-2007-6388", "CVE-2008-0128"], "description": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.", "modified": "2019-03-22T23:44:36", "published": "2008-05-20T04:00:00", "id": "RHSA-2008:0261", "href": "https://access.redhat.com/errata/RHSA-2008:0261", "type": "redhat", "title": "(RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "description": " [5.5.23-0jpp.1.0.4.el5]\n - Remove erroneous rebuild-gcj-db for javadoc subpackage\n - Add fixes for CVE-2007-2449 and CVE-2007-2450\n - resolves: bug 244846, bug 244816 ", "edition": 4, "modified": "2007-07-17T00:00:00", "published": "2007-07-17T00:00:00", "id": "ELSA-2007-0569", "href": "http://linux.oracle.com/errata/ELSA-2007-0569.html", "title": "Moderate: tomcat security update ", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-03-14T18:59:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "description": "Oracle Linux Local Security Checks ELSA-2007-0569", "modified": "2020-03-13T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122674", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122674", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0569", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122674\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:51 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0569\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0569 - Moderate: tomcat security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0569\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0569.html\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.1.0.4.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-26T08:55:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65285", "href": "http://plugins.openvas.org/nasl.php?oid=65285", "type": "openvas", "title": "SLES9: Security update for Tomcat", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023110.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65285);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-jakarta-tomcat-connectors\", rpm:\"apache2-jakarta-tomcat-connectors~5.0.19~29.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65993", "href": "http://plugins.openvas.org/nasl.php?oid=65993", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "sourceData": "#\n#VID slesp1-tomcat5-5070\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65993);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065993", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065993", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "sourceData": "#\n#VID slesp1-tomcat5-5070\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65993\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.26\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065285", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065285", "type": "openvas", "title": "SLES9: Security update for Tomcat", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023110.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat-doc\n apache-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023110 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65285\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-1858\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-jakarta-tomcat-connectors\", rpm:\"apache2-jakarta-tomcat-connectors~5.0.19~29.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:38:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "description": "Check for the Version of tomcat5", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830069", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830069", "type": "openvas", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the &quot; character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830069\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-0450", "CVE-2007-3385"], "description": "Check for the Version of tomcat5", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830069", "href": "http://plugins.openvas.org/nasl.php?oid=830069", "type": "openvas", "title": "Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A number of vulnerabilities were found in Tomcat:\n\n A directory traversal vulnerability, when using certain proxy modules,\n allows a remote attacker to read arbitrary files via a .. (dot dot)\n sequence with various slash, backslash, or url-encoded backslash\n characters (CVE-2007-0450; affects Mandriva Linux 2007.1 only).\n \n Multiple cross-site scripting vulnerabilities in certain JSP files\n allow remote attackers to inject arbitrary web script or HTML\n (CVE-2007-2449).\n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450).\n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382).\n \n Tomcat did not properly handle the &quot; character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385).\n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386).\n \n Finally, an absolute path traversal vulnerability, under certain\n configurations, allows remote authenticated users to read arbitrary\n files via a WebDAV write request that specifies an entity with a\n SYSTEM tag (CVE-2007-5461).\n \n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00009.php\");\n script_id(830069);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:241\");\n script_cve_id(\"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\", \"CVE-2007-3382\", \"CVE-2007-3385\", \"CVE-2007-3386\", \"CVE-2007-5461\");\n script_name( \"Mandriva Update for tomcat5 MDKSA-2007:241 (tomcat5)\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.17~6.2.4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "description": "Check for the Version of tomcat5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861582", "href": "http://plugins.openvas.org/nasl.php?oid=861582", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2007-3474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3474\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00545.html\");\n script_id(861582);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3474\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3474\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1355", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385", "CVE-2007-1358"], "description": "Check for the Version of tomcat5", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861516", "href": "http://plugins.openvas.org/nasl.php?oid=861516", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2007-3456", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2007-3456\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html\");\n script_id(861516);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-3456\");\n script_cve_id(\"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-5461\", \"CVE-2007-1358\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2007-3456\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.25~1jpp.1.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "description": "Check for the Version of tomcat5", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "id": "OPENVAS:860345", "href": "http://plugins.openvas.org/nasl.php?oid=860345", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-1603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat5 FEDORA-2008-1603\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomcat is the servlet container that is used in the official Reference\n Implementation for the Java Servlet and JavaServer Pages technologies.\n The Java Servlet and JavaServer Pages specifications are developed by\n Sun under the Java Community Process.\n\n Tomcat is developed in an open and participatory environment and\n released under the Apache Software License. Tomcat is intended to be\n a collaboration of the best-of-breed developers from around the world.\n We invite you to participate in this open development project. To\n learn more about getting involved, click here.\";\n\ntag_affected = \"tomcat5 on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html\");\n script_id(860345);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-1603\");\n script_cve_id(\"CVE-2007-5342\", \"CVE-2007-5333\", \"CVE-2007-5461\", \"CVE-2007-6286\", \"CVE-2007-1355\", \"CVE-2007-3386\", \"CVE-2007-3385\", \"CVE-2007-3382\", \"CVE-2007-2450\", \"CVE-2007-2449\", \"CVE-2007-1358\", \"CVE-2008-0002\");\n script_name( \"Fedora Update for tomcat5 FEDORA-2008-1603\");\n\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.26~1jpp.2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-17T12:44:00", "description": "From Red Hat Security Advisory 2007:0569 :\n\nUpdated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : tomcat (ELSA-2007-0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api"], "id": "ORACLELINUX_ELSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/67536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0569 and \n# Oracle Linux Security Advisory ELSA-2007-0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67536);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"Oracle Linux 5 : tomcat (ELSA-2007-0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0569 :\n\nUpdated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-July/000269.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:02:15", "description": "This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12116)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12116.NASL", "href": "https://www.tenable.com/plugins/nessus/41202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41202);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12116)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1858.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2449.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12116.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:47:12", "description": "This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)", "edition": 23, "published": "2008-03-26T00:00:00", "title": "SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2008-03-26T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-5070.NASL", "href": "https://www.tenable.com/plugins/nessus/31674", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31674);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5070)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers.\n(CVE-2007-1858)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1858.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2449.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5070.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-5.0.30-27.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-admin-webapps-5.0.30-27.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-webapps-5.0.30-27.26\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:47:14", "description": "This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).", "edition": 23, "published": "2008-03-28T00:00:00", "title": "openSUSE 10 Security Update : tomcat55 (tomcat55-5069)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2008-03-28T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api", "p-cpe:/a:novell:opensuse:tomcat55-common-lib", "p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55", "p-cpe:/a:novell:opensuse:tomcat55-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat55-webapps", "p-cpe:/a:novell:opensuse:tomcat55-server-lib", "p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc", "p-cpe:/a:novell:opensuse:tomcat55-jasper"], "id": "SUSE_TOMCAT55-5069.NASL", "href": "https://www.tenable.com/plugins/nessus/31698", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat55-5069.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31698);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"openSUSE 10 Security Update : tomcat55 (tomcat55-5069)\");\n script_summary(english:\"Check for the tomcat55-5069 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat55 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-jsp-2_0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-servlet-2_4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat55-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-admin-webapps-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-common-lib-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jasper-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-jsp-2_0-api-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-server-lib-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-servlet-2_4-api-javadoc-5.5.23-113.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"tomcat55-webapps-5.5.23-113.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:25:09", "description": "Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.", "edition": 27, "published": "2007-07-27T00:00:00", "title": "CentOS 5 : tomcat (CESA-2007:0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "modified": "2007-07-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-webapps", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-common-lib", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc"], "id": "CENTOS_RHSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/25777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0569 and \n# CentOS Errata and Security Advisory 2007:0569 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25777);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"CentOS 5 : tomcat (CESA-2007:0569)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-July/014067.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e099de5b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-July/014068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8de0b974\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:05:51", "description": "Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.", "edition": 28, "published": "2007-07-18T00:00:00", "title": "RHEL 5 : tomcat (RHSA-2007:0569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2450", "CVE-2007-2449"], "modified": "2007-07-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api"], "id": "REDHAT-RHSA-2007-0569.NASL", "href": "https://www.tenable.com/plugins/nessus/25724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0569. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25724);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2449\", \"CVE-2007-2450\");\n script_bugtraq_id(24475, 24476);\n script_xref(name:\"RHSA\", value:\"2007:0569\");\n\n script_name(english:\"RHEL 5 : tomcat (RHSA-2007:0569)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix two security issues and a packaging\nbug are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\n(JSP) technologies.\n\nSome JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nUsers of Tomcat should update to these erratum packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0569\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0569\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T14:47:12", "description": "This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).", "edition": 24, "published": "2008-03-26T00:00:00", "title": "openSUSE 10 Security Update : tomcat5 (tomcat5-5071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2449", "CVE-2007-1858"], "modified": "2008-03-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat5-webapps", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:tomcat5", "p-cpe:/a:novell:opensuse:tomcat5-admin-webapps", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_TOMCAT5-5071.NASL", "href": "https://www.tenable.com/plugins/nessus/31675", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat5-5071.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31675);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1858\", \"CVE-2007-2449\");\n\n script_name(english:\"openSUSE 10 Security Update : tomcat5 (tomcat5-5071)\");\n script_summary(english:\"Check for the tomcat5-5071 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes cross-site-scripting bugs (CVE-2007-2449)\nas well as it improves the list of supported SSL ciphers\n(CVE-2007-1858).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-admin-webapps-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"tomcat5-webapps-5.0.30-27.26\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-5.0.30-62\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-admin-webapps-5.0.30-62\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-webapps-5.0.30-62\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:43:45", "description": "Some JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nTomcat was found to accept multiple content-length headers in a\nrequest. This could allow attackers to poison a web-cache, bypass web\napplication firewall protection, or conduct cross-site scripting\nattacks. (CVE-2005-2090)\n\nTomcat permitted various characters as path delimiters. If Tomcat was\nused behind certain proxies and configured to only proxy some\ncontexts, an attacker could construct an HTTP request to work around\nthe context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nThe implict-objects.jsp file distributed in the examples webapp\ndisplayed a number of unfiltered header values. If the JSP examples\nwere accessible, this flaw could allow a remote attacker to perform\ncross-site scripting attacks. (CVE-2006-7195)", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2090", "CVE-2007-2450", "CVE-2007-2449", "CVE-2006-7195", "CVE-2007-0450"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20070717_TOMCAT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60227);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2090\", \"CVE-2006-7195\", \"CVE-2007-0450\", \"CVE-2007-2449\", \"CVE-2007-2450\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Some JSPs within the 'examples' web application did not escape user\nprovided data. If the JSP examples were accessible, this flaw could\nallow a remote attacker to perform cross-site scripting attacks\n(CVE-2007-2449).\n\nNote: it is recommended the 'examples' web application not be\ninstalled on a production system.\n\nThe Manager and Host Manager web applications did not escape user\nprovided data. If a user is logged in to the Manager or Host Manager\nweb application, an attacker could perform a cross-site scripting\nattack (CVE-2007-2450).\n\nTomcat was found to accept multiple content-length headers in a\nrequest. This could allow attackers to poison a web-cache, bypass web\napplication firewall protection, or conduct cross-site scripting\nattacks. (CVE-2005-2090)\n\nTomcat permitted various characters as path delimiters. If Tomcat was\nused behind certain proxies and configured to only proxy some\ncontexts, an attacker could construct an HTTP request to work around\nthe context restriction and potentially access non-proxied content.\n(CVE-2007-0450)\n\nThe implict-objects.jsp file distributed in the examples webapp\ndisplayed a number of unfiltered header values. If the JSP examples\nwere accessible, this flaw could allow a remote attacker to perform\ncross-site scripting attacks. (CVE-2006-7195)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0709&L=scientific-linux-errata&T=0&P=1147\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fed9dabd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(22, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"jakarta-commons-modeler-1.1-8jpp.1.0.2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"jakarta-commons-modeler-javadoc-1.1-8jpp.1.0.2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.1.0.4\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.1.0.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T19:09:28", "description": "According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.14. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due \n to improper validation of user-supplied input before \n returning it to users. An unauthenticated, remote attacker \n can exploit this, by convincing a user to click a specially \n crafted URL, to execute arbitrary script code in a user's \n browser session. (CVE-2007-2449, CVE-2007-2450, \n CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to \n incorrect handling of specific special characters in cookie\n values. In certain cases an attacker could leverage this\n to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 11, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}, "published": "2019-01-11T00:00:00", "title": "Apache Tomcat < 6.0.14 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2019-01-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_14.NASL", "href": "https://www.tenable.com/plugins/nessus/121113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121113);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n\n script_name(english:\"Apache Tomcat < 6.0.14 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple \nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\ninstance listening on the remote host is prior to 6.0.14. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Cross-site scripting (XSS) vulnerabilities exists due \n to improper validation of user-supplied input before \n returning it to users. An unauthenticated, remote attacker \n can exploit this, by convincing a user to click a specially \n crafted URL, to execute arbitrary script code in a user's \n browser session. (CVE-2007-2449, CVE-2007-2450, \n CVE-2007-3386)\n\n - Session hijacking vulnerabilities exists in Tomcat due to \n incorrect handling of specific special characters in cookie\n values. In certain cases an attacker could leverage this\n to leak sensitive information, such as the session ID.\n (CVE-2007-3382, CVE-2007-3385)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.14 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-3386\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.14\", min:\"6.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-14T19:09:28", "description": "According to its self-reported version number, the instance Apache\nTomcat running on the remote host is 5.0.x equal to or prior to 5.0.30\nor 5.5.x prior to 5.5.25. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An error exists in several JSP example files that allows\n script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not\n properly sanitize the 'filename' parameter of the\n '/manager/html/upload' script, which can lead to cross-\n site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values\n containing single quotes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values\n containing backslashes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which\n allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2010-12-07T00:00:00", "title": "Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-3385"], "modified": "2010-12-07T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_25.NASL", "href": "https://www.tenable.com/plugins/nessus/51059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51059);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\n \"CVE-2007-2449\",\n \"CVE-2007-2450\",\n \"CVE-2007-3382\",\n \"CVE-2007-3385\",\n \"CVE-2007-3386\"\n );\n script_bugtraq_id(24475, 24476, 25314, 25316);\n script_xref(name:\"CERT\", value:\"993544\");\n script_xref(name:\"Secunia\", value:\"25678\");\n script_xref(name:\"Secunia\", value:\"26465\");\n script_xref(name:\"Secunia\", value:\"26466\");\n\n script_name(english:\"Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance Apache\nTomcat running on the remote host is 5.0.x equal to or prior to 5.0.30\nor 5.5.x prior to 5.5.25. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An error exists in several JSP example files that allows\n script injection via URLs using the ';' character.\n (CVE-2007-2449)\n\n - The Manager and Host Manager applications do not\n properly sanitize the 'filename' parameter of the\n '/manager/html/upload' script, which can lead to cross-\n site scripting attacks. (CVE-2007-2450)\n\n - An error exists in the handling of cookie values\n containing single quotes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3382)\n\n - An error exists in the handling of cookie values\n containing backslashes which Tomcat treats as\n delimiters. This can allow disclosure of sensitive\n information such as session IDs. (CVE-2007-3385)\n\n - An error exists in the Host Manager application which\n allows script injection. (CVE-2007-3386)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.25,_5.0.SVN\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a40289c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jun/182\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 5.5.25. Alternatively, use the latest\nSVN source for 5.0.x. The 5.0.x branch was fixed in SVN revision\nnumber 588821.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2007-2449\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# nb: 5.0.30 was the last 5.0.x and thus all 5.0.x are vuln\ntomcat_check_version(fixed:\"5.5.25\", min:\"5.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2007-11-17T05:37:36", "published": "2007-11-17T05:37:36", "id": "FEDORA:LAH5BMCQ011096", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5461"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2007-11-17T05:34:43", "published": "2007-11-17T05:34:43", "id": "FEDORA:LAH5YH76010685", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2008-02-13T05:14:35", "published": "2008-02-13T05:14:35", "id": "FEDORA:M1D5DC2X006390", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2008-02-13T04:55:03", "published": "2008-02-13T04:55:03", "id": "FEDORA:M1D4RW3M004324", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1355", "CVE-2007-1358", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3385", "CVE-2007-3386", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here. ", "modified": "2008-09-16T23:28:35", "published": "2008-09-16T23:28:35", "id": "FEDORA:EC5A9208DCA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}