Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1048-1.NASL
HistoryJan 25, 2011 - 12:00 a.m.

Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerability (USN-1048-1)

2011-01-2500:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1048-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(51669);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-4172");
  script_bugtraq_id(45015);
  script_xref(name:"USN", value:"1048-1");

  script_name(english:"Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerability (USN-1048-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that Tomcat did not properly escape certain
parameters in the Manager application which could result in browsers
becoming vulnerable to cross-site scripting attacks when processing
the output. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data (such as passwords), within the same domain.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1048-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"9.10", pkgname:"libservlet2.5-java", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libtomcat6-java", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-admin", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-common", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-docs", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-examples", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-user", pkgver:"6.0.20-2ubuntu2.3")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libservlet2.5-java", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libtomcat6-java", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-admin", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-common", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-docs", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-examples", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-user", pkgver:"6.0.24-2ubuntu1.6")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libservlet2.5-java", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libtomcat6-java", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-admin", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-common", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-docs", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-examples", pkgver:"6.0.28-2ubuntu1.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-user", pkgver:"6.0.28-2ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibservlet2.5-javap-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java
canonicalubuntu_linuxlibservlet2.5-java-docp-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc
canonicalubuntu_linuxlibtomcat6-javap-cpe:/a:canonical:ubuntu_linux:libtomcat6-java
canonicalubuntu_linuxtomcat6p-cpe:/a:canonical:ubuntu_linux:tomcat6
canonicalubuntu_linuxtomcat6-adminp-cpe:/a:canonical:ubuntu_linux:tomcat6-admin
canonicalubuntu_linuxtomcat6-commonp-cpe:/a:canonical:ubuntu_linux:tomcat6-common
canonicalubuntu_linuxtomcat6-docsp-cpe:/a:canonical:ubuntu_linux:tomcat6-docs
canonicalubuntu_linuxtomcat6-examplesp-cpe:/a:canonical:ubuntu_linux:tomcat6-examples
canonicalubuntu_linuxtomcat6-userp-cpe:/a:canonical:ubuntu_linux:tomcat6-user
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
Rows per page:
1-10 of 121

Related

openvas 10
nessus 12
securityvulns 4
osv 1
prion 1
ubuntu 1
tomcat 2
cve 1
github 1
ubuntucve 1
redhat 2
oraclelinux 1
gentoo 1
ibm 1
openvas
openvas
Ubuntu Update for tomcat6 vulnerability USN-1048-1
2011-01-31 00:00:00
Ubuntu Update for tomcat6 vulnerability USN-1048-1
2011-01-31 00:00:00
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
2011-01-14 00:00:00
nessus
nessus
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-2)
2011-05-05 00:00:00
Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS
2011-01-14 00:00:00
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0082-1)
2011-05-05 00:00:00
securityvulns
securityvulns
Apache Tomcat crossite scripting
2010-11-24 00:00:00
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
2010-11-24 00:00:00
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
2011-10-16 00:00:00
osv
osv
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-14 02:42:46
prion
prion
Cross site scripting
2010-11-26 20:00:00
ubuntu
ubuntu
Tomcat vulnerability
2011-01-24 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.5
2010-12-01 00:00:00
Fixed in Apache Tomcat 6.0.30
2011-01-13 00:00:00
cve
cve
CVE-2010-4172
2010-11-26 20:00:00
github
github
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-14 02:42:46
ubuntucve
ubuntucve
CVE-2010-4172
2010-11-26 00:00:00
redhat
redhat
(RHSA-2011:0791) Moderate: tomcat6 security and bug fix update
2011-05-19 00:00:00
(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update
2011-06-22 00:00:00
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-05-28 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49
JSON
Related for UBUNTU_USN-1048-1.NASL
openvas10nessus12securityvulns4osv1prion1ubuntu1tomcat2cve1github1ubuntucve1redhat2oraclelinux1gentoo1ibm1