Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1097-1.NASL
HistoryMar 30, 2011 - 12:00 a.m.

Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)

2011-03-3000:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory.
(CVE-2010-3718)

It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
(CVE-2011-0013)

It was discovered that Tomcat incorrectly enforced the maxHttpHeaderSize limit in certain configurations. A remote attacker could use this flaw to cause Tomcat to consume all available memory, resulting in a denial of service. (CVE-2011-0534).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1097-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(53221);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-3718", "CVE-2011-0013", "CVE-2011-0534");
  script_bugtraq_id(46164, 46174, 46177);
  script_xref(name:"USN", value:"1097-1");

  script_name(english:"Ubuntu 9.10 / 10.04 LTS / 10.10 : tomcat6 vulnerabilities (USN-1097-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the Tomcat SecurityManager did not properly
restrict the working directory. An attacker could use this flaw to
read or write files outside of the intended working directory.
(CVE-2010-3718)

It was discovered that Tomcat did not properly escape certain
parameters in the Manager application which could result in browsers
becoming vulnerable to cross-site scripting attacks when processing
the output. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data (such as passwords), within the same domain.
(CVE-2011-0013)

It was discovered that Tomcat incorrectly enforced the
maxHttpHeaderSize limit in certain configurations. A remote attacker
could use this flaw to cause Tomcat to consume all available memory,
resulting in a denial of service. (CVE-2011-0534).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1097-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat6-user");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"9.10", pkgname:"libservlet2.5-java", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libtomcat6-java", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-admin", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-common", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-docs", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-examples", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"tomcat6-user", pkgver:"6.0.20-2ubuntu2.4")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libservlet2.5-java", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libtomcat6-java", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-admin", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-common", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-docs", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-examples", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"tomcat6-user", pkgver:"6.0.24-2ubuntu1.7")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libservlet2.5-java", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libservlet2.5-java-doc", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libtomcat6-java", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-admin", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-common", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-docs", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-examples", pkgver:"6.0.28-2ubuntu1.2")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"tomcat6-user", pkgver:"6.0.28-2ubuntu1.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libservlet2.5-java / libservlet2.5-java-doc / libtomcat6-java / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibservlet2.5-javap-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java
canonicalubuntu_linuxlibservlet2.5-java-docp-cpe:/a:canonical:ubuntu_linux:libservlet2.5-java-doc
canonicalubuntu_linuxlibtomcat6-javap-cpe:/a:canonical:ubuntu_linux:libtomcat6-java
canonicalubuntu_linuxtomcat6p-cpe:/a:canonical:ubuntu_linux:tomcat6
canonicalubuntu_linuxtomcat6-adminp-cpe:/a:canonical:ubuntu_linux:tomcat6-admin
canonicalubuntu_linuxtomcat6-commonp-cpe:/a:canonical:ubuntu_linux:tomcat6-common
canonicalubuntu_linuxtomcat6-docsp-cpe:/a:canonical:ubuntu_linux:tomcat6-docs
canonicalubuntu_linuxtomcat6-examplesp-cpe:/a:canonical:ubuntu_linux:tomcat6-examples
canonicalubuntu_linuxtomcat6-userp-cpe:/a:canonical:ubuntu_linux:tomcat6-user
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
Rows per page:
1-10 of 121

Related

nessus 31
openvas 34
ubuntu 1
securityvulns 6
debian 1
osv 4
oraclelinux 4
fedora 1
redhat 5
tomcat 7
ubuntucve 3
github 3
seebug 1
cve 3
prion 3
freebsd 1
packetstorm 1
centos 1
gentoo 1
ibm 1
nessus
nessus
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
2014-06-13 00:00:00
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:0146-1)
2011-05-05 00:00:00
SuSE 10 Security Update : Tomcat (ZYPP Patch Number 7337)
2011-03-03 00:00:00
openvas
openvas
Debian Security Advisory DSA 2160-1 (tomcat6)
2011-03-07 00:00:00
Ubuntu: Security Advisory (USN-1097-1)
2011-04-01 00:00:00
Debian: Security Advisory (DSA-2160-1)
2011-03-07 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2011-03-29 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2011-02-08 00:00:00
[SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability
2011-02-08 00:00:00
[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
2011-02-08 00:00:00
debian
debian
[SECURITY] [DSA 2160-1] tomcat6 security update
2011-02-13 18:36:11
osv
osv
tomcat6 - several
2011-02-13 00:00:00
Apache Tomcat does not enforce the maxHttpHeaderSize limit
2022-05-14 02:56:35
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:17:02
oraclelinux
oraclelinux
tomcat6 security and bug fix update
2011-05-28 00:00:00
tomcat5 security update
2011-12-20 00:00:00
tomcat6 security and bug fix update
2011-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-27.fc14
2011-10-20 09:55:07
redhat
redhat
(RHSA-2011:0791) Moderate: tomcat6 security and bug fix update
2011-05-19 00:00:00
(RHSA-2011:0335) Important: tomcat6 security and bug fix update
2011-03-09 00:00:00
(RHSA-2011:0348) Important: tomcat6 security update
2011-03-10 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.30
2011-01-13 00:00:00
Fixed in Apache Tomcat 7.0.8
2011-02-05 00:00:00
Fixed in Apache Tomcat 7.0.4
2010-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2011-0534
2011-02-10 00:00:00
CVE-2010-3718
2011-02-10 00:00:00
CVE-2011-0013
2011-02-18 00:00:00
github
github
Apache Tomcat does not enforce the maxHttpHeaderSize limit
2022-05-14 02:56:35
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:17:02
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
2022-05-03 03:25:09
seebug
seebug
Apache Tomcat SecurityManager Security Bypass Vulnerability
2011-08-01 00:00:00
cve
cve
CVE-2010-3718
2011-02-10 18:00:00
CVE-2011-0534
2011-02-10 18:00:00
CVE-2011-0013
2011-02-19 01:00:00
prion
prion
Design/Logic Flaw
2011-02-10 18:00:00
Directory traversal
2011-02-10 18:00:00
Cross site scripting
2011-02-19 01:00:00
freebsd
freebsd
tomcat -- Cross-site scripting vulnerability
2010-11-12 00:00:00
packetstorm
packetstorm
Apache Tomcat Manager Cross Site Scripting
2011-02-05 00:00:00
centos
centos
tomcat5 security update
2011-12-20 19:18:57
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49
JSON
Related for UBUNTU_USN-1097-1.NASL
nessus31openvas34ubuntu1securityvulns6debian1osv4oraclelinux4fedora1redhat5tomcat7ubuntucve3github3seebug1cve3prion3freebsd1packetstorm1centos1gentoo1ibm1