Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
2010-04-23T00:00:00
ID OPENVAS:1361412562310100598 Type openvas Reporter This script is Copyright (C) 2010 Greenbone Networks GmbH Modified 2019-05-10T00:00:00
Description
Apache Tomcat is prone to a remote information-disclosure
vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
CPE = "cpe:/a:apache:tomcat";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.100598");
script_version("2019-05-10T11:41:35+0000");
script_tag(name:"last_modification", value:"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)");
script_tag(name:"creation_date", value:"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)");
script_tag(name:"cvss_base", value:"2.6");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:N/A:N");
script_bugtraq_id(39635);
script_cve_id("CVE-2010-1157");
script_name("Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("Web Servers");
script_copyright("This script is Copyright (C) 2010 Greenbone Networks GmbH");
script_dependencies("gb_apache_tomcat_consolidation.nasl");
script_mandatory_keys("apache/tomcat/detected");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39635");
script_xref(name:"URL", value:"http://tomcat.apache.org/security-5.html");
script_xref(name:"URL", value:"http://tomcat.apache.org/security-6.html");
script_xref(name:"URL", value:"http://svn.apache.org/viewvc?view=revision&revision=936540");
script_xref(name:"URL", value:"http://svn.apache.org/viewvc?view=revision&revision=936541");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/510879");
script_tag(name:"solution", value:"Updates are available. Please see the references for more information.");
script_tag(name:"summary", value:"Apache Tomcat is prone to a remote information-disclosure
vulnerability.");
script_tag(name:"impact", value:"Remote attackers can exploit this issue to obtain the host name or IP
address of the Tomcat server. Information harvested may lead to further attacks.");
script_tag(name:"affected", value:"Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26
Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
vers = infos["version"];
path = infos["location"];
if( version_in_range( version:vers, test_version:"5.5.0", test_version2:"5.5.29" ) ||
version_in_range( version:vers, test_version:"6.0.0", test_version2:"6.0.26" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"5.5.30/6.0.27", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
{"id": "OPENVAS:1361412562310100598", "type": "openvas", "bulletinFamily": "scanner", "title": "Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability", "description": "Apache Tomcat is prone to a remote information-disclosure\n vulnerability.", "published": "2010-04-23T00:00:00", "modified": "2019-05-10T00:00:00", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100598", "reporter": "This script is Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.securityfocus.com/archive/1/510879", "http://svn.apache.org/viewvc?view=revision&revision=936540", "http://svn.apache.org/viewvc?view=revision&revision=936541", "http://tomcat.apache.org/security-6.html", "http://tomcat.apache.org/security-5.html", "http://www.securityfocus.com/bid/39635"], "cvelist": ["CVE-2010-1157"], "lastseen": "2019-05-29T18:40:10", "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1157"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:10784", "SECURITYVULNS:DOC:23687", "SECURITYVULNS:DOC:27155"]}, {"type": "exploitdb", "idList": ["EDB-ID:12343"]}, {"type": "seebug", "idList": ["SSV:19510", "SSV:19493", "SSV:68397"]}, {"type": "nessus", "idList": ["SUSE_TOMCAT5-7099.NASL", "SUSE_11_2_TOMCAT6-100719.NASL", "SUSE_11_3_TOMCAT6-100719.NASL", "TOMCAT_TRANSFER_ENCODING.NASL", "SUSE9_12625.NASL", "TOMCAT_6_0_28.NASL", "FREEBSD_PKG_3383E7064FC311DF83FB0015587E2CC1.NASL", "MANDRIVA_MDVSA-2010-177.NASL", "REDHAT-RHSA-2010-0584.NASL", "SUSE_11_1_TOMCAT6-100719.NASL"]}, {"type": "freebsd", "idList": ["3383E706-4FC3-11DF-83FB-0015587E2CC1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B817C3837AAE1BBA6FEB9BABE212CE90"]}, {"type": "openvas", "idList": ["OPENVAS:67355", "OPENVAS:136141256231069417", "OPENVAS:835243", "OPENVAS:69417", "OPENVAS:1361412562310901114", "OPENVAS:831151", "OPENVAS:1361412562310831151", "OPENVAS:136141256231067355", "OPENVAS:831148", "OPENVAS:1361412562310835243"]}, {"type": "redhat", "idList": ["RHSA-2011:0897", "RHSA-2010:0584"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2207-1:6DF41"]}, {"type": "gentoo", "idList": ["GLSA-201206-24"]}], "modified": "2019-05-29T18:40:10", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:40:10", "rev": 2}, "vulnersScore": 5.1}, "pluginID": "1361412562310100598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100598\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-23 13:12:25 +0200 (Fri, 23 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(39635);\n script_cve_id(\"CVE-2010-1157\");\n script_name(\"Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_copyright(\"This script is Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/39635\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936540\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc?view=revision&revision=936541\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a remote information-disclosure\n vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP\n address of the Tomcat server. Information harvested may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26\n\n Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "Web Servers"}
{"cve": [{"lastseen": "2021-02-02T05:44:56", "description": "Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.", "edition": 6, "cvss3": {}, "published": "2010-04-23T14:30:00", "title": "CVE-2010-1157", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1157"], "modified": "2019-03-25T11:32:00", "cpe": ["cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:5.5.23", "cpe:/a:apache:tomcat:5.5.18", "cpe:/a:apache:tomcat:5.5.2", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:5.5.1", "cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:5.5.4", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:5.5.22", "cpe:/a:apache:tomcat:5.5.14", "cpe:/a:apache:tomcat:5.5.16", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:5.5.24", "cpe:/a:apache:tomcat:5.5.29", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:5.5.3", "cpe:/a:apache:tomcat:5.5.10", "cpe:/a:apache:tomcat:5.5.9", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:5.5.11", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:5.5.25", "cpe:/a:apache:tomcat:5.5.19", "cpe:/a:apache:tomcat:5.5.21", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:5.5.5", "cpe:/a:apache:tomcat:5.5.26", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:5.5.17", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:5.5.28", "cpe:/a:apache:tomcat:5.5.27", "cpe:/a:apache:tomcat:5.5.7", "cpe:/a:apache:tomcat:5.5.13", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:5.5.15", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:5.5.8", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:5.5.6", "cpe:/a:apache:tomcat:5.5.12", "cpe:/a:apache:tomcat:5.5.20", "cpe:/a:apache:tomcat:6.0.9"], "id": "CVE-2010-1157", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1157", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1157"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Tomcat 6.0.0 to 6.0.26\r\n- - Tomcat 5.5.0 to 5.5.29\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\nDescription:\r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication\r\nincludes a realm name. If a <realm-name> element is specified for the\r\napplication in web.xml it will be used. However, a <realm-name> is not\r\nspecified then Tomcat will generate one using the code snippet:\r\nrequest.getServerName() + ":" + request.getServerPort()\r\nIn some circumstances this can expose the local hostname or IP address\r\nof the machine running Tomcat.\r\n\r\nExample:\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\nServer: Apache-Coyote/1.1\r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 954\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\nConnection: close\r\n\r\nMitigation:\r\nAdministrators of web applications that use BASIC or DIGEST\r\nauthentication are recommended to set an appropriate realm name in the\r\nweb application's web.xml file.\r\nAlternatively, the following patches may be used to change the default\r\nrealm to "Authentication required" (without the quotes):\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\nCredit:\r\nThis issue was discovered by Deniz Cevik.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\nhttp://tomcat.apache.org/security-6.html\r\nhttp://tomcat.apache.org/security-5.html\r\n\r\nThe Apache Tomcat Security Team\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQIcBAEBAgAGBQJLz3o5AAoJEBDAHFovYFnn7NgP/jyjnqK98FfruhzL0eB/b748\r\n7EYP8k//kbmq8SIYyDkHkmlGfDNE+epxLudgSLbwg8QJdNG50JHwjTzAcclPCyu6\r\njx3NuJVKxn8KloD3rmxhrIItLG/yQ50JP3tnNO3xC4pS4j8dzdrTS2lFPXxcna6e\r\no9rMUwPLTEsLvNhd93sUIpdXuLhG9TP7dOeAD737ybvmRcz612igGyyT3hVUeGsK\r\nTvJ+uzZTLJi+Wz0UMRdseqsgp1OW2DeMyao67bPaUrbX9EfLA+yUfXV6TRByT4C5\r\nS5BB3mTz8WBgWkscCmKB0mqmtiPfv7PxlRDfMyPAkFhezPAnL5UD4fSZ3Aes8rTO\r\nIF6CM/lWXm+eMECVwuIh7RdiPJtpe/1ZTQ2EtAQ/JZOIoDX2sKNF92opGeNiZPp9\r\nP78tfksI23tLNJeDcJmL1a2L1yP8pcvAnd6AhYwZPc+LoZBKOsqEMMDU9CmbT3LY\r\n2Fyn8h5yV9Fql9TR9J87aB9BDcQ5vqtdJ17qO20ur54SockI/oNi45tpDf76sJQB\r\n0iOVY1MDu9J4c3xvtmWrdsAZF8VFDhW8nXdKOATh2cVQg/P4aELW2eyGUbiL5hLZ\r\nEWgiZRQWm815MqEwikbztMON4OipensBx1wNuKvj2VKs3VK8tkSuXigViOCTYo+c\r\nmm73gFAt6VWTF5sbfTuA\r\n=mtgX\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2010-04-23T00:00:00", "published": "2010-04-23T00:00:00", "id": "SECURITYVULNS:DOC:23687", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23687", "title": "[SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-1157"], "description": "Internal computer name and port may be used as a realm name for HTTP basic authentication.", "edition": 1, "modified": "2010-04-23T00:00:00", "published": "2010-04-23T00:00:00", "id": "SECURITYVULNS:VULN:10784", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10784", "title": "Apache Tomcat information leak", "type": "securityvulns", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall's debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS' handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS'\r\nhandling of Type 1 fonts. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork's handling\r\nof cookie policies. Safari's cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the "Continue" button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user's behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol (XMPP). jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser's password\r\nDescription: A logic error in the kernel's DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user's\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel's handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user's password data\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account's password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType's handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the '_unknown' user from browsing the share point but not\r\nguests (user 'nobody'). This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server's resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\r\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\r\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\r\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\r\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\r\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\r\n=gsvn\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27155", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-0187", "CVE-2011-0421", "CVE-2011-1467", "CVE-2011-1153", "CVE-2011-1471", "CVE-2011-3221", "CVE-2011-3227", "CVE-2011-0259", "CVE-2011-3216", "CVE-2011-3246", "CVE-2011-1466", "CVE-2011-3435", "CVE-2011-3222", "CVE-2011-0229", "CVE-2011-1521", "CVE-2010-4172", "CVE-2011-0419", "CVE-2011-1092", "CVE-2011-0252", "CVE-2011-3223", "CVE-2011-0185", "CVE-2011-1755", "CVE-2011-3220", "CVE-2011-0224", "CVE-2011-2464", "CVE-2010-4645", "CVE-2011-3214", "CVE-2010-3436", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-0708", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0231", "CVE-2011-0534", "CVE-2011-3437", "CVE-2011-2691", "CVE-2011-1468", "CVE-2011-0420", "CVE-2010-2089", "CVE-2011-3224", "CVE-2011-0226", "CVE-2011-1470", "CVE-2011-3192", "CVE-2011-3219", "CVE-2011-3436", "CVE-2011-3225", "CVE-2011-3215", "CVE-2011-0260", "CVE-2011-2692", "CVE-2010-2227", "CVE-2011-1469", "CVE-2011-3218", "CVE-2010-3614", "CVE-2011-3213", "CVE-2010-3718", "CVE-2011-0250", "CVE-2011-3217", "CVE-2010-3613", "CVE-2010-1634", "CVE-2010-0097", "CVE-2011-0251", "CVE-2011-0707", "CVE-2011-0230", "CVE-2011-3226", "CVE-2011-2690", "CVE-2011-0411", "CVE-2011-3212", "CVE-2009-4022", "CVE-2011-1910"], "description": "Multiple vulnerabilities in different system components.", "edition": 1, "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "title": "Apple OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-01T16:15:57", "description": "Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability. CVE-2010-1157. Remote exploits for multiple platform", "published": "2010-04-22T00:00:00", "type": "exploitdb", "title": "Apache Tomcat 5.5.0 < 5.5.29 / 6.0.0 < 6.0.26 - Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1157"], "modified": "2010-04-22T00:00:00", "id": "EDB-ID:12343", "href": "https://www.exploit-db.com/exploits/12343/", "sourceData": "CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n\r\n- - Tomcat 6.0.0 to 6.0.26\r\n\r\n- - Tomcat 5.5.0 to 5.5.29\r\n\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\n\r\nDescription:\r\n\r\nThe \"WWW-Authenticate\" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n\r\nrequest.getServerName() + \":\" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n\r\nExample:\r\n\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\n\r\nServer: Apache-Coyote/1.1\r\n\r\nWWW-Authenticate: Basic realm=\"tomcat01:8080\"\r\n\r\nContent-Type: text/html;charset=utf-8\r\n\r\nContent-Length: 954\r\n\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n\r\nConnection: close\r\n\r\n\r\nMitigation:\r\n\r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n\r\nAlternatively, the following patches may be used to change the default realm\r\nto \"Authentication required\" (without the quotes):\r\n\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\n\r\nCredit:\r\n\r\nThis issue was discovered by Deniz Cevik.\r\n\r\n\r\nReferences:\r\n\r\nhttp://tomcat.apache.org/security.html\r\n\r\nhttp://tomcat.apache.org/security-6.html\r\n\r\nhttp://tomcat.apache.org/security-5.html", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/12343/"}], "seebug": [{"lastseen": "2017-11-19T18:16:58", "description": "BUGTRAQ ID: 39635\r\nCVE ID: CVE-2010-1157\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nBASIC\u548cDIGEST\u8ba4\u8bc1\u7684WWW-Authenticate\u5934\u5305\u542b\u6709\u533a\u57df\u540d\u3002\u5982\u679cweb.xml\u4e2d\u5bf9\u5e94\u7528\u6307\u5b9a\u4e86<realm- name>\u5143\u7d20\uff0c\u5c31\u4f1a\u4f7f\u7528\u6307\u5b9a\u7684\u533a\u57df\u540d\uff0c\u5426\u5219Tomcat\u5c31\u4f1a\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u6bb5\u751f\u6210\u4e00\u4e2a\u533a\u57df\u540d\uff1a\r\n \r\nrequest.getServerName() + ":" + request.getServerPort()\r\n\r\n\u5728\u67d0\u4e9b\u73af\u5883\u4e2d\u8fd9\u53ef\u80fd\u4f1a\u66b4\u9732\u8fd0\u884cTomcat\u673a\u5668\u7684\u672c\u5730\u4e3b\u673a\u540d\u6216IP\u5730\u5740\u3002\n\nApache Group Tomcat 6.0.x\r\nApache Group Tomcat 5.5.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://svn.apache.org/viewvc?view=rev&rev=936540 \r\nhttp://svn.apache.org/viewvc?view=rev&rev=936541", "published": "2010-04-26T00:00:00", "title": "Apache Tomcat\u8ba4\u8bc1\u5934\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1157"], "modified": "2010-04-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19510", "id": "SSV:19510", "sourceData": "\n HTTP/1.1 401 Unauthorized\r\nServer: Apache-Coyote/1.1 \r\nWWW-Authenticate: Basic realm="tomcat01:8080" \r\nContent-Type: text/html;charset=utf-8 \r\nContent-Length: 954 \r\nDate: Thu, 31 Dec 2009 12:18:11 GMT \r\nConnection: close\n ", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19510"}, {"lastseen": "2017-11-19T18:12:31", "description": "No description provided by source.", "published": "2010-04-23T00:00:00", "type": "seebug", "title": "Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1157"], "modified": "2010-04-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19493", "id": "SSV:19493", "sourceData": "\n CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n \r\nSeverity: Low\r\n \r\nVendor: The Apache Software Foundation\r\n \r\nVersions Affected:\r\n \r\n- - Tomcat 6.0.0 to 6.0.26\r\n \r\n- - Tomcat 5.5.0 to 5.5.29\r\n \r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n \r\n \r\nDescription:\r\n \r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n \r\nrequest.getServerName() + ":" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n \r\nExample:\r\n \r\nGET /application/j_security_check HTTP/1.0\r\n \r\n \r\nHTTP/1.1 401 Unauthorized\r\n \r\nServer: Apache-Coyote/1.1\r\n \r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\n \r\nContent-Type: text/html;charset=utf-8\r\n \r\nContent-Length: 954\r\n \r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n \r\nConnection: close\r\n \r\n \r\nMitigation:\r\n \r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n \r\nAlternatively, the following patches may be used to change the default realm\r\nto "Authentication required" (without the quotes):\r\n \r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n \r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n \r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n \r\nCredit:\r\n \r\nThis issue was discovered by Deniz Cevik.\r\n \r\n \r\nReferences:\r\n \r\nhttp://tomcat.apache.org/security.html\r\n \r\nhttp://tomcat.apache.org/security-6.html\r\n \r\nhttp://tomcat.apache.org/security-5.html\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19493", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T14:00:52", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1157"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-68397", "id": "SSV:68397", "sourceData": "\n CVE-2010-1157: Apache Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n\r\n- - Tomcat 6.0.0 to 6.0.26\r\n\r\n- - Tomcat 5.5.0 to 5.5.29\r\n\r\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\r\naffected.\r\n\r\n\r\nDescription:\r\n\r\nThe "WWW-Authenticate" header for BASIC and DIGEST authentication includes a\r\nrealm name. If a <realm-name> element is specified for the application in\r\nweb.xml it will be used. However, a <realm-name> is not specified then\r\nTomcat will generate one using the code snippet:\r\n\r\nrequest.getServerName() + ":" + request.getServerPort() In some\r\ncircumstances this can expose the local hostname or IP address of the\r\nmachine running Tomcat.\r\n\r\nExample:\r\n\r\nGET /application/j_security_check HTTP/1.0\r\n\r\n\r\nHTTP/1.1 401 Unauthorized\r\n\r\nServer: Apache-Coyote/1.1\r\n\r\nWWW-Authenticate: Basic realm="tomcat01:8080"\r\n\r\nContent-Type: text/html;charset=utf-8\r\n\r\nContent-Length: 954\r\n\r\nDate: Thu, 31 Dec 2009 12:18:11 GMT\r\n\r\nConnection: close\r\n\r\n\r\nMitigation:\r\n\r\nAdministrators of web applications that use BASIC or DIGEST authentication\r\nare recommended to set an appropriate realm name in the web application's\r\nweb.xml file.\r\n\r\nAlternatively, the following patches may be used to change the default realm\r\nto "Authentication required" (without the quotes):\r\n\r\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\r\n\r\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\r\n\r\nThese patches will be included in the next releases of Tomcat 5.5.x and\r\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\r\nTomcat 6.0.x releases.\r\n\r\n\r\nCredit:\r\n\r\nThis issue was discovered by Deniz Cevik.\r\n\r\n\r\nReferences:\r\n\r\nhttp://tomcat.apache.org/security.html\r\n\r\nhttp://tomcat.apache.org/security-6.html\r\n\r\nhttp://tomcat.apache.org/security-5.html\n ", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-68397"}], "nessus": [{"lastseen": "2021-01-07T10:41:09", "description": "The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication\nincludes a realm name. If a <realm-name> element is specified for the\napplication in web.xml it will be used. However, a <realm-name> is not\nspecified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address\nof the machine running Tomcat.", "edition": 26, "published": "2010-04-26T00:00:00", "title": "FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157"], "modified": "2010-04-26T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tomcat"], "id": "FREEBSD_PKG_3383E7064FC311DF83FB0015587E2CC1.NASL", "href": "https://www.tenable.com/plugins/nessus/45613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45613);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1157\");\n\n script_name(english:\"FreeBSD : tomcat -- information disclosure vulnerability (3383e706-4fc3-11df-83fb-0015587e2cc1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache software foundation reports :\n\nThe 'WWW-Authenticate' header for BASIC and DIGEST authentication\nincludes a realm name. If a <realm-name> element is specified for the\napplication in web.xml it will be used. However, a <realm-name> is not\nspecified then Tomcat will generate one.\n\nIn some circumstances this can expose the local hostname or IP address\nof the machine running Tomcat.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=146022\"\n );\n # http://seclists.org/bugtraq/2010/Apr/200\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2010/Apr/200\"\n );\n # https://vuxml.freebsd.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a444f43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>5.5.0<5.5.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat>6.0.0<6.0.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:06:42", "description": "This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).", "edition": 24, "published": "2010-09-16T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-09-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_2_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49259);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-admin-webapps-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-docs-webapp-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-javadoc-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-jsp-2_1-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-lib-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-servlet-2_5-api-6.0.20-24.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"tomcat6-webapps-6.0.20-24.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T14:47:13", "description": "This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)", "edition": 23, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-7099.NASL", "href": "https://www.tenable.com/plugins/nessus/49930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49930);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7099)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227 / CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-admin-webapps-5.5.27-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"tomcat5-webapps-5.5.27-0.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-09-14T19:09:28", "description": "According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to 6.0.28. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST\n authentication and the 'realm-name' attribute is not\n configured in that web app's 'web.xml' file, the remote\n server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in\n the 'Transfer-Encoding' header of a request. An attacker\n can exploit this to cause a denial of service or to\n disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2010-08-05T00:00:00", "title": "Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-08-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_28.NASL", "href": "https://www.tenable.com/plugins/nessus/48255", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48255);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\");\n script_bugtraq_id(41544);\n script_xref(name:\"Secunia\", value:\"39574\");\n\n script_name(english:\"Apache Tomcat 6.0 < 6.0.28 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0 listening on the remote host is prior to 6.0.28. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - If a web app is configured to use BASIC or DIGEST\n authentication and the 'realm-name' attribute is not\n configured in that web app's 'web.xml' file, the remote\n server's hostname or IP will be included in replies.\n (CVE-2010-1157)\n\n - An error exists in the handling of invalid values in\n the 'Transfer-Encoding' header of a request. An attacker\n can exploit this to cause a denial of service or to\n disclose sensitive information. (CVE-2010-2227)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 6.0.28 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"6.0.28\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T14:02:31", "description": "This update of tomcat fixes a denial of service vulnerability and two\ninformation disclosure flaws which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)", "edition": 23, "published": "2010-09-16T00:00:00", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-09-16T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12625.NASL", "href": "https://www.tenable.com/plugins/nessus/49255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49255);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes a denial of service vulnerability and two\ninformation disclosure flaws which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information.\n(CVE-2010-2227, CVE-2010-1157)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2227.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12625.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.27\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.27\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T13:08:06", "description": "An updated jbossweb package that fixes two security issues is now\navailable for JBoss Enterprise Application Platform 4.2 and 4.3 for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies,\nMicrosoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent JBoss Web from sending replies, or cause JBoss Web to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web\ngenerated HTTP BASIC and DIGEST authentication requests. For\nconfigurations where a realm name was not specified and JBoss Web was\naccessed via a proxy, the default generated realm contained the\nhostname and port used by the proxy to send requests to the JBoss Web\nserver. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which\nupgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take\neffect.", "edition": 27, "published": "2013-01-24T00:00:00", "title": "RHEL 4 / 5 : jbossweb (RHSA-2010:0584)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:jbossweb"], "id": "REDHAT-RHSA-2010-0584.NASL", "href": "https://www.tenable.com/plugins/nessus/63942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0584. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63942);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(39635, 41544);\n script_xref(name:\"RHSA\", value:\"2010:0584\");\n\n script_name(english:\"RHEL 4 / 5 : jbossweb (RHSA-2010:0584)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jbossweb package that fixes two security issues is now\navailable for JBoss Enterprise Application Platform 4.2 and 4.3 for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nJBoss Web is the web container, based on Apache Tomcat, in JBoss\nEnterprise Application Platform. It provides a single deployment\nplatform for the JavaServer Pages (JSP) and Java Servlet technologies,\nMicrosoft .NET, PHP, and CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding\nheader in HTTP requests. A specially crafted HTTP request could\nprevent JBoss Web from sending replies, or cause JBoss Web to return\ntruncated replies, or replies containing data related to the requests\nof other users, for all subsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web\ngenerated HTTP BASIC and DIGEST authentication requests. For\nconfigurations where a realm name was not specified and JBoss Web was\naccessed via a proxy, the default generated realm contained the\nhostname and port used by the proxy to send requests to the JBoss Web\nserver. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which\nupgrades JBoss Web to version 2.0.0.CP14, and resolves these issues.\nThe JBoss server process must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0584\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T14:05:10", "description": "This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).", "edition": 24, "published": "2010-09-16T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2010-09-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_1_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/49258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49258);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-admin-webapps-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-docs-webapp-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-javadoc-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-jsp-2_1-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-lib-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-servlet-2_5-api-6.0.18-16.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"tomcat6-webapps-6.0.18-16.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T14:08:20", "description": "This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:opensuse:tomcat6-javadoc", "p-cpe:/a:novell:opensuse:tomcat6", "p-cpe:/a:novell:opensuse:tomcat6-webapps", "p-cpe:/a:novell:opensuse:tomcat6-lib", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api", "p-cpe:/a:novell:opensuse:tomcat6-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:opensuse:tomcat6-docs-webapp"], "id": "SUSE_11_3_TOMCAT6-100719.NASL", "href": "https://www.tenable.com/plugins/nessus/75759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat6-2739.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75759);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1157\", \"CVE-2010-2227\");\n\n script_name(english:\"openSUSE Security Update : tomcat6 (openSUSE-SU-2010:0616-1)\");\n script_summary(english:\"Check for the tomcat6-2739 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes denial of service and information\ndisclosure vulnerabilities which could potentially be exploited by\nremote attackers to crash tomcat or to obtain sensitive information\n(CVE-2010-2227, CVE-2010-1157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-09/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-el-1_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-admin-webapps-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-docs-webapp-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-el-1_0-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-javadoc-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-jsp-2_1-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-lib-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-servlet-2_5-api-6.0.24-5.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"tomcat6-webapps-6.0.24-5.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-09-14T19:09:36", "description": "According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 5.5.x prior to 5.5.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute which holds the location of the work\n directory in Tomcat's SecurityManager. A remote attacker\n may be able to modify the location of the working\n directory which then allows improper read and write\n access to arbitrary files and directories in the context\n of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the\n 'Transfer-Encoding' header of a client request. This\n error affects buffer recycling and may lead to the\n disclosure of sensitive information or allow a denial\n of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>'\n element in a web application's web.xml file. If the\n element is missing from the web.xml file and the\n application is using BASIC or DIGEST authentication,\n Tomcat will include the server's hostname or IP address\n in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has\nrelied on the version in Tomcat's banner or error page so this may be\na false positive.", "edition": 23, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}, "published": "2010-07-16T00:00:00", "title": "Apache Tomcat 5.5.x < 5.5.30", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718"], "modified": "2010-07-16T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_TRANSFER_ENCODING.NASL", "href": "https://www.tenable.com/plugins/nessus/47749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47749);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2010-3718\", \"CVE-2010-2227\", \"CVE-2010-1157\");\n script_bugtraq_id(39635, 41544, 46177);\n script_xref(name:\"Secunia\", value:\"39574\");\n script_xref(name:\"Secunia\", value:\"43198\");\n\n script_name(english:\"Apache Tomcat 5.5.x < 5.5.30\");\n script_summary(english:\"Checks Apache Tomcat Version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nserver listening on the remote host is 5.5.x prior to 5.5.30. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error in the access restriction on a 'ServletContext'\n attribute which holds the location of the work\n directory in Tomcat's SecurityManager. A remote attacker\n may be able to modify the location of the working\n directory which then allows improper read and write\n access to arbitrary files and directories in the context\n of Tomcat.(CVE-2010-3718)\n\n - An error exists in the handling of the\n 'Transfer-Encoding' header of a client request. This\n error affects buffer recycling and may lead to the\n disclosure of sensitive information or allow a denial\n of service attack to be successful. (CVE-2010-2227)\n\n - An error exists in the handling of the '<realm-name>'\n element in a web application's web.xml file. If the\n element is missing from the web.xml file and the\n application is using BASIC or DIGEST authentication,\n Tomcat will include the server's hostname or IP address\n in the 'WWW-Authenticate' header of the response.\n (CVE-2010-1157)\n\nNote that Nessus did not actually test for the flaws but instead has\nrelied on the version in Tomcat's banner or error page so this may be\na false positive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2010/Apr/200\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?809a4670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2011/Feb/74\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Tomcat version 5.5.30 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-2227\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.30\", min:\"5.5.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:47", "description": "Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.", "edition": 26, "published": "2010-09-13T00:00:00", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "modified": "2010-09-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat5-common-lib", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api", "p-cpe:/a:mandriva:linux:tomcat5-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:tomcat5-server-lib", "p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:tomcat5", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:tomcat5-webapps", "p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc", "p-cpe:/a:mandriva:linux:tomcat5-jasper"], "id": "MANDRIVA_MDVSA-2010-177.NASL", "href": "https://www.tenable.com/plugins/nessus/49207", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:177. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49207);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_bugtraq_id(37942, 37945, 39635, 41544);\n script_xref(name:\"MDVSA\", value:\"2010:177\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat5 (MDVSA-2010:177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in tomcat5 :\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\noverwrite arbitrary files via a .. (dot dot) in an entry in a WAR\nfile, as demonstrated by a ../../bin/catalina.bat entry\n(CVE-2009-2693).\n\nThe autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\nfiles that remain from a failed undeploy, which might allow remote\nattackers to bypass intended authentication requirements via HTTP\nrequests (CVE-2009-2901).\n\nDirectory traversal vulnerability in Apache Tomcat 5.5.0 through\n5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\nwork-directory files via directory traversal sequences in a WAR\nfilename, as demonstrated by the ...war filename (CVE-2009-2902).\n\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply (CVE-2010-1157).\n\nApache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\nbeta does not properly handle an invalid Transfer-Encoding header,\nwhich allows remote attackers to cause a denial of service\n(application outage) or obtain sensitive information via a crafted\nheader that interferes with recycling of a buffer. (CVE-2010-2227)\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tomcat5-webapps-5.5.27-0.3.0.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-admin-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-common-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-server-lib-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"tomcat5-webapps-5.5.27-0.3.0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-admin-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-common-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-eclipse-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jasper-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-server-lib-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"tomcat5-webapps-5.5.27-0.5.0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-admin-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-common-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-eclipse-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jasper-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-server-lib-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"tomcat5-webapps-5.5.28-0.5.0.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1157"], "description": "\nThe Apache software foundation reports:\n\nThe \"WWW-Authenticate\" header for BASIC and DIGEST\n\t authentication includes a realm name. If a <realm-name>\n\t element is specified for the application in web.xml it\n\t will be used. However, a <realm-name> is not\n\t specified then Tomcat will generate one.\nIn some circumstances this can expose the local\n\t hostname or IP address of the machine running Tomcat.\n\n", "edition": 4, "modified": "2010-04-22T00:00:00", "published": "2010-04-22T00:00:00", "id": "3383E706-4FC3-11DF-83FB-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html", "title": "tomcat -- information disclosure vulnerability", "type": "freebsd", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:40:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157"], "description": "This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2010-04-29T00:00:00", "id": "OPENVAS:1361412562310901114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901114", "type": "openvas", "title": "Apache Tomcat Security bypass vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Security bypass vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901114\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-04-29 10:04:32 +0200 (Thu, 29 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-1157\");\n script_bugtraq_id(39635);\n script_name(\"Apache Tomcat Security bypass vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/510879\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can exploit this issue to obtain the host name or IP address\n of the Tomcat server. Information harvested may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 5.5.0 to 5.5.29\n Apache Tomcat version 6.0.0 to 6.0.26.\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for\n 'BASIC' and 'DIGEST' authentication that might allow remote attackers to\n discover the server's hostname or IP address by sending a request for a resource.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later.\");\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat server and is prone to security\n bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"5.5.0\", test_version2:\"5.5.29\" ) ||\n version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"5.5.30/6.0.27\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-10T00:00:00", "published": "2010-05-04T00:00:00", "id": "OPENVAS:67355", "href": "http://plugins.openvas.org/nasl.php?oid=67355", "type": "openvas", "title": "FreeBSD Ports: tomcat", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67355);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-17T11:05:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1157"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-16T00:00:00", "published": "2010-05-04T00:00:00", "id": "OPENVAS:136141256231067355", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067355", "type": "openvas", "title": "FreeBSD Ports: tomcat", "sourceData": "#\n#VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3383e706-4fc3-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: tomcat\n\nCVE-2010-1157\nApache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\nallow remote attackers to discover the server's hostname or IP address\nby sending a request for a resource that requires (1) BASIC or (2)\nDIGEST authentication, and then reading the realm field in the\nWWW-Authenticate header in the reply.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://seclists.org/bugtraq/2010/Apr/200\nhttp://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67355\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-1157\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"tomcat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"5.5.0\")>0 && revcomp(a:bver, b:\"5.5.28\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.0\")>0 && revcomp(a:bver, b:\"6.0.24\")<=0) {\n txt += 'Package tomcat version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-22T13:05:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "description": "Check for the Version of tomcat5", "modified": "2018-01-22T00:00:00", "published": "2010-09-14T00:00:00", "id": "OPENVAS:1361412562310831151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831151", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831151\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2693", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-2902"], "description": "Check for the Version of tomcat5", "modified": "2017-12-22T00:00:00", "published": "2010-09-14T00:00:00", "id": "OPENVAS:831151", "href": "http://plugins.openvas.org/nasl.php?oid=831151", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and\n 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase\n files that remain from a failed undeploy, which might allow remote\n attackers to bypass intended authentication requirements via HTTP\n requests (CVE-2009-2901).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete\n work-directory files via directory traversal sequences in a WAR\n filename, as demonstrated by the ...war filename (CVE-2009-2902).\n \n Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might\n allow remote attackers to discover the server's hostname or IP\n address by sending a request for a resource that requires (1) BASIC or\n (2) DIGEST authentication, and then reading the realm field in the\n WWW-Authenticate header in the reply (CVE-2010-1157).\n \n Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0\n beta does not properly handle an invalid Transfer-Encoding header,\n which allows remote attackers to cause a denial of service (application\n outage) or obtain sensitive information via a crafted header that\n interferes with recycling of a buffer. (CVE-2010-2227)\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00011.php\");\n script_id(831151);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:177\");\n script_cve_id(\"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:177 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.5.0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-eclipse\", rpm:\"tomcat5-jasper-eclipse~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.27~0.3.0.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "description": "Check for the Version of Apache Running Tomcat Servlet Engine", "modified": "2017-07-06T00:00:00", "published": "2011-01-04T00:00:00", "id": "OPENVAS:835243", "href": "http://plugins.openvas.org/nasl.php?oid=835243", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote information disclosure\";\ntag_affected = \"Apache Running Tomcat Servlet Engine on\n HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX Apache \n Running Tomcat Servlet Engine. These vulnerabilities could be exploited \n remotely to disclose information, allows unauthorized modification, or \n create a Denial of Service (DoS). The Tomcat-based Servlet Engine is \n contained in the HP-UX Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_id(835243);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n\n script_summary(\"Check for the Version of Apache Running Tomcat Servlet Engine\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783"], "description": "The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.", "modified": "2018-10-04T00:00:00", "published": "2011-01-04T00:00:00", "id": "OPENVAS:1361412562310835243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835243", "type": "openvas", "title": "HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02579.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02515878\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835243\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"HPSBUX\", value:\"02579\");\n script_cve_id(\"CVE-2010-2227\", \"CVE-2010-1157\", \"CVE-2009-0783\", \"CVE-2009-0781\", \"CVE-2009-0580\", \"CVE-2009-0033\", \"CVE-2008-5515\");\n script_name(\"HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Apache Running Tomcat Servlet Engine package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23)\");\n\n script_tag(name:\"impact\", value:\"Remote information disclosure\");\n\n script_tag(name:\"affected\", value:\"Apache Running Tomcat Servlet Engine on HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or\n earlier\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified with HP-UX Apache\n Running Tomcat Servlet Engine. These vulnerabilities could be exploited\n remotely to disclose information, allows unauthorized modification, or\n create a Denial of Service (DoS). The Tomcat-based Servlet Engine is\n contained in the HP-UX Apache Web Server Suite.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22TOMCAT.TOMCAT\", revision:\"B.5.5.30.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:55:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "modified": "2017-07-07T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:69417", "href": "http://plugins.openvas.org/nasl.php?oid=69417", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at\nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\";\ntag_summary = \"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\";\n\n\nif(description)\n{\n script_id(69417);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.", "modified": "2019-03-18T00:00:00", "published": "2011-05-12T00:00:00", "id": "OPENVAS:136141256231069417", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069417", "type": "openvas", "title": "Debian Security Advisory DSA 2207-1 (tomcat5.5)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2207_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2207-1 (tomcat5.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69417\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-12 19:21:50 +0200 (Thu, 12 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_cve_id(\"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0781\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Debian Security Advisory DSA 2207-1 (tomcat5.5)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202207-1\");\n script_tag(name:\"insight\", value:\"Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your tomcat5.5 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 2207-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libtomcat5.5-java\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-admin\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat5.5-webapps\", ver:\"5.5.26-5lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-12-14T11:48:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0033", "CVE-2007-5333", "CVE-2009-2693", "CVE-2009-0580", "CVE-2008-5515", "CVE-2010-1157", "CVE-2009-2901", "CVE-2010-2227", "CVE-2009-0783", "CVE-2007-3385", "CVE-2009-2902"], "description": "Check for the Version of tomcat5", "modified": "2017-12-13T00:00:00", "published": "2010-09-14T00:00:00", "id": "OPENVAS:831148", "href": "http://plugins.openvas.org/nasl.php?oid=831148", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in tomcat5:\n\n Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0\n through 4.1.36 does not properly handle (1) double quote (") characters\n or (2) \\%5C (encoded backslash) sequences in a cookie value, which\n might cause sensitive information such as session IDs to be leaked\n to remote attackers and enable session hijacking attacks. NOTE:\n this issue exists because of an incomplete fix for CVE-2007-3385\n (CVE-2007-5333).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through\n 6.0.18, and possibly earlier versions normalizes the target pathname\n before filtering the query string when using the RequestDispatcher\n method, which allows remote attackers to bypass intended access\n restrictions and conduct directory traversal attacks via .. (dot dot)\n sequences and the WEB-INF directory in a Request (CVE-2008-5515).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18, when the Java AJP connector and mod_jk load balancing\n are used, allows remote attackers to cause a denial of service\n (application outage) via a crafted request with invalid headers,\n related to temporary blocking of connectors that have encountered\n errors, as demonstrated by an error involving a malformed HTTP Host\n header (CVE-2009-0033).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and\n 6.0.0 through 6.0.18, when FORM authentication is used, allows\n remote attackers to enumerate valid usernames via requests to\n /j_security_check with malformed URL encoding of passwords, related to\n improper error checking in the (1) MemoryRealm, (2) DataSourceRealm,\n and (3) JDBCRealm authentication realms, as demonstrated by a \\%\n (percent) value for the j_password parameter (CVE-2009-0580).\n \n Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0\n through 6.0.18 permits web applications to replace an XML parser used\n for other web applications, which allows local users to read or modify\n the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web\n applications via a crafted application that is loaded earlier than\n the target application (CVE-2009-0783).\n \n Directory traversal vulnerability in Apache Tomcat 5.5.0 through\n 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or\n overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file,\n as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).\n \n The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 a ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tomcat5 on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-09/msg00010.php\");\n script_id(831148);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-14 15:35:55 +0200 (Tue, 14 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:176\");\n script_cve_id(\"CVE-2007-3385\", \"CVE-2007-5333\", \"CVE-2008-5515\", \"CVE-2009-0033\", \"CVE-2009-0580\", \"CVE-2009-0783\", \"CVE-2009-2693\", \"CVE-2009-2901\", \"CVE-2009-2902\", \"CVE-2010-1157\", \"CVE-2010-2227\");\n script_name(\"Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~9.2.10.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure", "edition": 1, "published": "2010-04-22T00:00:00", "title": "Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1157"], "modified": "2010-04-22T00:00:00", "id": "EXPLOITPACK:B817C3837AAE1BBA6FEB9BABE212CE90", "href": "", "sourceData": "CVE-2010-1157: Apache Tomcat information disclosure vulnerability\n\nSeverity: Low\n\nVendor: The Apache Software Foundation\n\nVersions Affected:\n\n- - Tomcat 6.0.0 to 6.0.26\n\n- - Tomcat 5.5.0 to 5.5.29\n\nNote: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be\naffected.\n\n\nDescription:\n\nThe \"WWW-Authenticate\" header for BASIC and DIGEST authentication includes a\nrealm name. If a <realm-name> element is specified for the application in\nweb.xml it will be used. However, a <realm-name> is not specified then\nTomcat will generate one using the code snippet:\n\nrequest.getServerName() + \":\" + request.getServerPort() In some\ncircumstances this can expose the local hostname or IP address of the\nmachine running Tomcat.\n\nExample:\n\nGET /application/j_security_check HTTP/1.0\n\n\nHTTP/1.1 401 Unauthorized\n\nServer: Apache-Coyote/1.1\n\nWWW-Authenticate: Basic realm=\"tomcat01:8080\"\n\nContent-Type: text/html;charset=utf-8\n\nContent-Length: 954\n\nDate: Thu, 31 Dec 2009 12:18:11 GMT\n\nConnection: close\n\n\nMitigation:\n\nAdministrators of web applications that use BASIC or DIGEST authentication\nare recommended to set an appropriate realm name in the web application's\nweb.xml file.\n\nAlternatively, the following patches may be used to change the default realm\nto \"Authentication required\" (without the quotes):\n\n- - Tomcat 6.0.x: http://svn.apache.org/viewvc?view=rev&rev=936540\n\n- - Tomcat 5.5.x: http://svn.apache.org/viewvc?view=rev&rev=936541\n\nThese patches will be included in the next releases of Tomcat 5.5.x and\nTomcat 6.0.x. No release date has been set for the next Tomcat 5.5.x and\nTomcat 6.0.x releases.\n\n\nCredit:\n\nThis issue was discovered by Deniz Cevik.\n\n\nReferences:\n\nhttp://tomcat.apache.org/security.html\n\nhttp://tomcat.apache.org/security-6.html\n\nhttp://tomcat.apache.org/security-5.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1157", "CVE-2010-2227"], "description": "JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise\nApplication Platform. It provides a single deployment platform for the\nJavaServer Pages (JSP) and Java Servlet technologies, Microsoft .NET, PHP,\nand CGI.\n\nA flaw was found in the way JBoss Web handled the Transfer-Encoding header\nin HTTP requests. A specially-crafted HTTP request could prevent JBoss Web\nfrom sending replies, or cause JBoss Web to return truncated replies, or\nreplies containing data related to the requests of other users, for all\nsubsequent HTTP requests. (CVE-2010-2227)\n\nA possible minor information leak was found in the way JBoss Web generated\nHTTP BASIC and DIGEST authentication requests. For configurations where a\nrealm name was not specified and JBoss Web was accessed via a proxy, the\ndefault generated realm contained the hostname and port used by the proxy\nto send requests to the JBoss Web server. (CVE-2010-1157)\n\nUsers of JBoss Web should upgrade to this updated package, which upgrades\nJBoss Web to version 2.0.0.CP14, and resolves these issues. The JBoss\nserver process must be restarted for this update to take effect.\n", "modified": "2016-04-04T18:31:15", "published": "2010-08-02T04:00:00", "id": "RHSA-2010:0584", "href": "https://access.redhat.com/errata/RHSA-2010:0584", "type": "redhat", "title": "(RHSA-2010:0584) Important: jbossweb security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-12-11T13:31:28", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1157", "CVE-2010-1452", "CVE-2010-1623", "CVE-2010-3718", "CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0419", "CVE-2012-4557"], "description": "JBoss Enterprise Web Server is a fully-integrated and certified set of\ncomponents for hosting Java web applications.\n\nThis is the first release of JBoss Enterprise Web Server for Red Hat\nEnterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release\nserves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes\na number of bug fixes. Refer to the Release Notes, linked in the\nReferences, for more information.\n\nThis update corrects security flaws in the following components:\n\ntomcat6:\n\nA cross-site scripting (XSS) flaw was found in the Manager application,\nused for managing web applications on Apache Tomcat. If a remote attacker\ncould trick a user who is logged into the Manager application into visiting\na specially-crafted URL, the attacker could perform Manager application\ntasks with the privileges of the logged in user. (CVE-2010-4172)\n\ntomcat5 and tomcat6:\n\nIt was found that web applications could modify the location of the Apache\nTomcat host's work directory. As web applications deployed on Tomcat have\nread and write access to this directory, a malicious web application could\nuse this flaw to trick Tomcat into giving it read and write access to an\narbitrary directory on the file system. (CVE-2010-3718)\n\nA second cross-site scripting (XSS) flaw was found in the Manager\napplication. A malicious web application could use this flaw to conduct an\nXSS attack, leading to arbitrary web script execution with the privileges\nof victims who are logged into and viewing Manager application web pages.\n(CVE-2011-0013)\n\nA possible minor information leak was found in the way Apache Tomcat\ngenerated HTTP BASIC and DIGEST authentication requests. For configurations\nwhere a realm name was not specified and Tomcat was accessed via a proxy,\nthe default generated realm contained the hostname and port used by the\nproxy to send requests to the Tomcat server. (CVE-2010-1157)\n\nhttpd:\n\nA flaw was found in the way the mod_dav module of the Apache HTTP Server\nhandled certain requests. If a remote attacker were to send a carefully\ncrafted request to the server, it could cause the httpd child process to\ncrash. (CVE-2010-1452)\n\napr:\n\nIt was found that the apr_fnmatch() function used an unconstrained\nrecursion when processing patterns with the '*' wildcard. An attacker could\nuse this flaw to cause an application using this function, which also\naccepted untrusted input as a pattern for matching (such as an httpd server\nusing the mod_autoindex module), to exhaust all stack memory or use an\nexcessive amount of CPU time when performing matching. (CVE-2011-0419)\n\napr-util:\n\nIt was found that certain input could cause the apr-util library to\nallocate more memory than intended in the apr_brigade_split_line()\nfunction. An attacker able to provide input in small chunks to an\napplication using the apr-util library (such as httpd) could possibly use\nthis flaw to trigger high memory consumption. Note: This issue only\naffected the JBoss Enterprise Web Server packages on Red Hat Enterprise\nLinux 4. (CVE-2010-1623)\n\nAll users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to\nJBoss Enterprise Web Server 1.0.2, which corrects these issues. After\ninstalling this update, the relevant Apache Tomcat service (\"tomcat5\" or\n\"tomcat6\") and the Apache HTTP Server (\"httpd\") must be restarted for the\nupdate to take effect.\n", "modified": "2018-06-07T02:42:41", "published": "2011-06-22T04:00:00", "id": "RHSA-2011:0897", "href": "https://access.redhat.com/errata/RHSA-2011:0897", "type": "redhat", "title": "(RHSA-2011:0897) Moderate: JBoss Enterprise Web Server 1.0.2 update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:27:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0033", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2010-1157", "CVE-2010-2227", "CVE-2009-0783", "CVE-2009-2902"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2207-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 30, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat5.5\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227\n\nVarious vulnerabilities have been discovered in the Tomcat Servlet and \nJSP engine, resulting in denial of service, cross-site scripting, \ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found at \nhttp://tomcat.apache.org/security-5.html.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.\n\nThe stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nThe unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.\n\nWe recommend that you upgrade your tomcat5.5 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-03-29T22:51:08", "published": "2011-03-29T22:51:08", "id": "DEBIAN:DSA-2207-1:6DF41", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00075.html", "title": "[SECURITY] [DSA 2207-1] tomcat5.5 security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4312", "CVE-2009-0033", "CVE-2011-1088", "CVE-2010-4172", "CVE-2011-1183", "CVE-2012-0022", "CVE-2009-2693", "CVE-2009-0580", "CVE-2009-0781", "CVE-2008-5515", "CVE-2011-2204", "CVE-2011-1419", "CVE-2011-2526", "CVE-2011-2729", "CVE-2011-1582", "CVE-2010-1157", "CVE-2011-0013", "CVE-2011-4858", "CVE-2011-0534", "CVE-2011-5063", "CVE-2009-2901", "CVE-2011-5062", "CVE-2011-1184", "CVE-2010-2227", "CVE-2009-0783", "CVE-2010-3718", "CVE-2011-3375", "CVE-2011-5064", "CVE-2011-1475", "CVE-2009-2902", "CVE-2011-3190", "CVE-2011-2481"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server\u2019s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.35\"\n \n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.23\"", "edition": 1, "modified": "2016-03-20T00:00:00", "published": "2012-06-24T00:00:00", "id": "GLSA-201206-24", "href": "https://security.gentoo.org/glsa/201206-24", "type": "gentoo", "title": "Apache Tomcat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
