Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4448-1.NASL
HistoryAug 06, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)

2020-08-0600:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service.
(CVE-2020-13935) It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Reqest Smuggling. (CVE-2020-1935) It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4448-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(139368);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2020-13935", "CVE-2020-1935", "CVE-2020-9484");
  script_xref(name:"USN", value:"4448-1");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that Tomcat incorrectly validated the payload length
in a WebSocket frame. A remote attacker could possibly use this issue
to cause Tomcat to hang, resulting in a denial of service.
(CVE-2020-13935) It was discovered that Tomcat incorrectly handled
HTTP header parsing. In certain environments where Tomcat is located
behind a reverse proxy, a remote attacker could possibly use this
issue to perform HTTP Reqest Smuggling. (CVE-2020-1935) It was
discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker
could possibly use this issue to execute arbitrary code.
(CVE-2020-9484).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4448-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1935");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-9484");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat8-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat8-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat8-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat8-user");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libservlet3.1-java");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libservlet3.1-java', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'libtomcat8-java', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'tomcat8', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'tomcat8-admin', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'tomcat8-common', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'tomcat8-examples', 'pkgver': '8.0.32-1ubuntu1.13'},
    {'osver': '16.04', 'pkgname': 'tomcat8-user', 'pkgver': '8.0.32-1ubuntu1.13'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet3.1-java / libtomcat8-java / tomcat8 / tomcat8-admin / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibtomcat8-javap-cpe:/a:canonical:ubuntu_linux:libtomcat8-java
canonicalubuntu_linuxtomcat8p-cpe:/a:canonical:ubuntu_linux:tomcat8
canonicalubuntu_linuxtomcat8-adminp-cpe:/a:canonical:ubuntu_linux:tomcat8-admin
canonicalubuntu_linuxtomcat8-commonp-cpe:/a:canonical:ubuntu_linux:tomcat8-common
canonicalubuntu_linuxtomcat8-examplesp-cpe:/a:canonical:ubuntu_linux:tomcat8-examples
canonicalubuntu_linuxtomcat8-userp-cpe:/a:canonical:ubuntu_linux:tomcat8-user
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linuxlibservlet3.1-javap-cpe:/a:canonical:ubuntu_linux:libservlet3.1-java

Related

ubuntu 2
redhat 13
nessus 63
atlassian 7
oraclelinux 4
osv 12
debian 4
openvas 11
ibm 10
f5 3
tomcat 6
prion 4
githubexploit 13
debiancve 3
veracode 4
kaspersky 3
redhatcve 4
cve 3
github 3
ubuntucve 3
fedora 2
broadcom 1
amazon 6
mageia 1
archlinux 3
suse 2
nuclei 1
gentoo 1
centos 3
cgr 1
freebsd 1
cisa 1
photon 1
ubuntu
ubuntu
Tomcat vulnerabilities
2020-08-04 00:00:00
Tomcat vulnerabilities
2020-10-21 00:00:00
redhat
redhat
(RHSA-2020:3305) Important: Red Hat JBoss Web Server 3.1 Service Pack 10 security update
2020-08-04 11:13:36
(RHSA-2020:3303) Important: Red Hat JBoss Web Server 3.1 Service Pack 10 security update
2020-08-04 11:06:33
(RHSA-2020:3382) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update
2020-08-10 11:16:43
nessus
nessus
RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 10 (RHSA-2020:3303)
2020-08-04 00:00:00
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-2093)
2020-09-28 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Multiple Vulnerabilities (NS-SA-2021-0028)
2021-03-10 00:00:00
atlassian
atlassian
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade Tomcat to version 9.0.37
2020-06-29 13:40:00
Upgrade the bundled version of Apache Tomcat to 8.5.57
2020-07-17 15:19:11
oraclelinux
oraclelinux
tomcat security and bug fix update
2020-10-06 00:00:00
tomcat security update
2020-06-11 00:00:00
tomcat security update
2020-11-12 00:00:00
osv
osv
tomcat9 vulnerabilities
2020-10-21 13:55:35
tomcat9 - security update
2020-07-17 00:00:00
tomcat8 - security update
2020-05-11 00:00:00
debian
debian
[SECURITY] [DSA 4627-1] tomcat9 security update
2020-07-17 18:07:40
[SECURITY] [DLA 2209-1] tomcat8 security update
2020-05-28 17:53:49
[SECURITY] [DLA 2217-1] tomcat7 security update
2020-05-23 17:27:59
openvas
openvas
Debian: Security Advisory for tomcat9 (DSA-4727-1)
2020-07-19 00:00:00
Debian LTS: Security Advisory for tomcat8 (DLA-2209-1)
2020-05-29 00:00:00
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0711-1)
2020-05-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
2020-08-17 09:36:06
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13935)
2020-09-30 13:43:38
Security Bulletin: CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated
2020-11-05 19:55:39
f5
f5
K45026834 : Apache Tomcat vulnerability CVE-2020-13935
2020-08-27 00:00:00
K43709560 : Apache Tomcat vulnerability CVE-2020-1935
2020-03-06 00:00:00
K03121171 : Apache Tomcat vulnerability CVE-2020-9484
2020-05-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.105
2020-07-07 00:00:00
Fixed in Apache Tomcat 7.0.104
2020-05-16 00:00:00
Fixed in Apache Tomcat 10.0.0-M5
2020-05-11 00:00:00
prion
prion
Denial of service
2020-07-14 15:15:00
Deserialization of untrusted data
2020-05-20 19:15:00
Design/Logic Flaw
2020-02-24 22:15:00
githubexploit
githubexploit
Exploit for Infinite Loop in Apache Tomcat
2020-11-02 14:48:55
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2021-03-01 11:16:04
Exploit for Deserialization of Untrusted Data in Apache Tomcat
2020-06-04 14:19:12
debiancve
debiancve
CVE-2020-13935
2020-07-14 15:15:00
CVE-2020-9484
2020-05-20 19:15:00
CVE-2020-1935
2020-02-24 22:15:00
veracode
veracode
Denial Of Service (DoS)
2020-07-15 08:18:40
Remote Code Execution
2020-05-21 03:52:01
HTTP Request Smuggling
2020-02-25 05:38:50
kaspersky
kaspersky
KLA12084 DoS vulnerability in Apache Tomcat
2020-07-07 00:00:00
KLA11785 Security vulnerability in Apache Tomcat
2020-05-11 00:00:00
KLA11784 Security vulnerability in Apache Tomcat
2020-05-16 00:00:00
redhatcve
redhatcve
CVE-2020-13935
2020-07-15 06:37:38
CVE-2020-9484
2020-05-20 23:25:22
CVE-2020-1935
2020-02-25 06:40:48
cve
cve
CVE-2020-13935
2020-07-14 15:15:00
CVE-2020-1935
2020-02-24 22:15:00
CVE-2020-9484
2020-05-20 19:15:00
github
github
Infinite Loop in Apache Tomcat
2022-02-08 22:05:17
Potential remote code execution in Apache Tomcat
2020-05-21 18:52:29
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:48
ubuntucve
ubuntucve
CVE-2020-13935
2020-07-14 00:00:00
CVE-2020-9484
2020-05-20 00:00:00
CVE-2020-1935
2020-02-24 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: tomcat-9.0.36-1.fc31
2020-06-23 01:14:05
[SECURITY] Fedora 32 Update: tomcat-9.0.36-1.fc32
2020-06-23 01:22:02
broadcom
broadcom
BSA-2022-1839
2022-05-03 00:00:00
amazon
amazon
Medium: tomcat
2023-08-17 11:58:00
Important: tomcat8
2020-06-23 06:47:00
Important: tomcat7
2020-06-23 06:45:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2020-07-05 14:26:44
archlinux
archlinux
[ASA-202006-6] tomcat7: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-7] tomcat9: arbitrary code execution
2020-06-06 00:00:00
[ASA-202006-5] tomcat8: arbitrary code execution
2020-06-06 00:00:00
suse
suse
Security update for tomcat (important)
2020-05-25 00:00:00
Security update for tomcat (important)
2020-07-29 00:00:00
nuclei
nuclei
Apache Tomcat Remote Command Execution
2020-07-03 05:39:02
gentoo
gentoo
Apache Tomcat: Remote code execution
2020-06-15 00:00:00
centos
centos
tomcat security update
2020-06-11 21:13:08
tomcat security update
2020-11-18 17:27:18
tomcat security update
2020-10-20 19:04:26
cgr
cgr
CVE-2020-1935 vulnerabilities
2024-04-19 03:23:19
freebsd
freebsd
Apache Tomcat Remote Code Execution via session persistence
2020-05-12 00:00:00
cisa
cisa
Apache Releases Security Advisories for Apache Tomcat
2020-07-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0116
2020-07-20 00:00:00
JSON
Related for UBUNTU_USN-4448-1.NASL
ubuntu2redhat13nessus63atlassian7oraclelinux4osv12debian4openvas11ibm10f53tomcat6prion4githubexploit13debiancve3veracode4kaspersky3redhatcve4cve3github3ubuntucve3fedora2broadcom1amazon6mageia1archlinux3suse2nuclei1gentoo1centos3cgr1freebsd1cisa1photon1