Lucene search
Copyright (C) 2015 Greenbone Networks GmbHOPENVAS:1361412562310120055HistorySep 08, 2015 - 12:00 a.m.
Amazon Linux: Security Advisory (ALAS-2015-525)
2015-09-0800:00:00
Copyright (C) 2015 Greenbone Networks GmbH
plugins.openvas.org
14
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.944 High
EPSS
Percentile
99.2%
The remote host is missing an update for the
# Copyright (C) 2015 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.120055");
script_cve_id("CVE-2014-0227");
script_tag(name:"creation_date", value:"2015-09-08 11:16:24 +0000 (Tue, 08 Sep 2015)");
script_version("2022-01-07T14:04:51+0000");
script_tag(name:"last_modification", value:"2022-01-07 14:04:51 +0000 (Fri, 07 Jan 2022)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_name("Amazon Linux: Security Advisory (ALAS-2015-525)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
script_family("Amazon Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/amazon_linux", "ssh/login/release");
script_xref(name:"Advisory-ID", value:"ALAS-2015-525");
script_xref(name:"URL", value:"https://alas.aws.amazon.com/ALAS-2015-525.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'tomcat6' package(s) announced via the ALAS-2015-525 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.");
script_tag(name:"affected", value:"'tomcat6' package(s) on Amazon Linux.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "AMAZON") {
if(!isnull(res = isrpmvuln(pkg:"tomcat6", rpm:"tomcat6~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-admin-webapps", rpm:"tomcat6-admin-webapps~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-docs-webapp", rpm:"tomcat6-docs-webapp~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-el-2.1-api", rpm:"tomcat6-el-2.1-api~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-javadoc", rpm:"tomcat6-javadoc~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-jsp-2.1-api", rpm:"tomcat6-jsp-2.1-api~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-lib", rpm:"tomcat6-lib~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-servlet-2.5-api", rpm:"tomcat6-servlet-2.5-api~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"tomcat6-webapps", rpm:"tomcat6-webapps~6.0.43~1.2.amzn1", rls:"AMAZON"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ibm
ibm
nessus
nessus
RHEL 6 : tomcat6 (RHSA-2015:0991)
2015-05-13 00:00:00
CentOS 7 : tomcat (CESA-2015:0983)
2015-05-13 00:00:00
Apache Tomcat 6.0.x < 6.0.42 Handling Request Smuggling DoS
2015-03-01 00:00:00
prion
prion
Design/Logic Flaw
2015-02-16 00:59:00
osv
osv
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
tomcat6 - security update
2015-05-28 00:00:00
tomcat7 - security update
2016-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2014-0227
2015-02-15 00:00:00
cve
cve
CVE-2014-0227
2015-02-16 00:59:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-0991)
2015-10-06 00:00:00
Apache Tomcat DoS Vulnerability (Mar 2015) - Linux
2021-10-13 00:00:00
Apache Tomcat DoS Vulnerability (Mar 2015) - Windows
2015-03-06 00:00:00
securityvulns
securityvulns
Apache Tomcar request spoofing
2015-02-23 00:00:00
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
2015-02-23 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
mageia
mageia
Updated tomcat packages fix CVE-2014-0227
2015-02-19 19:37:50
debiancve
debiancve
CVE-2014-0227
2015-02-16 00:59:00
oraclelinux
oraclelinux
tomcat security update
2015-05-12 00:00:00
tomcat6 security and bug fix update
2015-05-12 00:00:00
tomcat6 security update
2014-08-11 00:00:00
f5
f5
K16344 : Apache Tomcat vulnerability CVE-2014-0227
2015-09-16 00:00:00
SOL16344 - Apache Tomcat vulnerability CVE-2014-0227
2015-04-09 00:00:00
redhat
redhat
(RHSA-2015:0991) Moderate: tomcat6 security and bug fix update
2015-05-12 00:00:00
(RHSA-2015:0983) Moderate: tomcat security update
2015-05-12 00:00:00
(RHSA-2015:0091) Important: Red Hat JBoss Data Grid 6.4.0 update
2015-01-27 16:16:17
veracode
veracode
Denial Of Service (DoS) In ChunkedInputFilter
2019-01-15 09:06:04
tomcat
tomcat
Fixed in Apache Tomcat 6.0.43
2014-11-22 00:00:00
Fixed in Apache Tomcat 8.0.9
2014-06-24 00:00:00
Fixed in Apache Tomcat 7.0.55
2014-07-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat ChunkedInputFilter Denial of Service (CVE-2014-0227)
2015-03-03 00:00:00
cloudfoundry
cloudfoundry
CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry
2015-02-09 00:00:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
amazon
amazon
Medium: tomcat6
2015-05-14 14:33:00
Medium: tomcat8
2015-05-14 14:40:00
Medium: tomcat7
2015-05-14 14:38:00
centos
centos
tomcat6 security update
2015-05-12 20:44:59
tomcat security update
2015-05-13 00:54:05
debian
debian
[SECURITY] [DLA 232-1] tomcat6 security update
2015-05-28 19:26:14
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:11
[SECURITY] [DSA 3447-1] tomcat7 security update
2016-01-17 15:47:29
ubuntu
ubuntu
Tomcat vulnerabilities
2015-06-25 00:00:00
Tomcat vulnerabilities
2015-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21
2015-02-23 08:03:06
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
kaspersky
kaspersky
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.944 High
EPSS
Percentile
99.2%
Related for OPENVAS:1361412562310120055