Lucene search
+L

Apache Tomcat XSS Vulnerability (Jun 2022) - Linux

🗓️ 24 Jun 2022 00:00:00Reported by Copyright (C) 2022 Greenbone Networks GmbHType 
openvas
 openvas
🔗 plugins.openvas.org👁 24 Views

Apache Tomcat XSS Vulnerability on Linux (Jun 2022

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server
31 Oct 202315:09
ibm
IBM Security Bulletins
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
8 Jun 202321:56
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)
10 Jan 202310:31
ibm
IBM Security Bulletins
Security Bulletin: The CVE-2022-34305 vulnerability in Apache Tomcat affects App Connect Professional.
15 Jul 202205:52
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat
7 Nov 202407:43
ibm
IBM Security Bulletins
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
18 Jul 202313:09
ibm
IBM Security Bulletins
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-34305
20 Dec 202207:05
ibm
IBM Security Bulletins
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x
3 Aug 202216:43
ibm
IBM Security Bulletins
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-34305
20 Jan 202316:08
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat (CVE-2022-34305)
12 Jan 202321:59
ibm
Rows per page
# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:apache:tomcat";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.148321");
  script_version("2022-07-01T10:11:09+0000");
  script_tag(name:"last_modification", value:"2022-07-01 10:11:09 +0000 (Fri, 01 Jul 2022)");
  script_tag(name:"creation_date", value:"2022-06-24 04:53:04 +0000 (Fri, 24 Jun 2022)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-06-29 16:42:00 +0000 (Wed, 29 Jun 2022)");

  script_cve_id("CVE-2022-34305");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache Tomcat XSS Vulnerability (Jun 2022) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
  script_family("Web Servers");
  script_dependencies("gb_apache_tomcat_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("apache/tomcat/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"Apache Tomcat is prone to a cross-site scripting (XSS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The Form authentication example in the examples web application
  displayed user provided data without filtering, exposing a XSS vulnerability.");

  script_tag(name:"affected", value:"Apache Tomcat version 8.5.50 through 8.5.81, 9.0.30 through
  9.0.64, 10.0.0-M1 through 10.0.22 and 10.1.0-M1 through 10.1.0-M16.");

  script_tag(name:"solution", value:"Update to version 8.5.82, 9.0.65, 10.0.23, 10.1.0-M17 or
  later.");

  script_xref(name:"URL", value:"https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "8.5.50", test_version2: "8.5.81")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.5.82", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "9.0.30", test_version2: "9.0.64")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.0.65", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if ((revcomp(a: version, b: "10.0.0-M1") >= 0) && (revcomp(a: version, b: "10.0.22") <= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.0.23", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if ((revcomp(a: version, b: "10.1.0-M1") >= 0) && (revcomp(a: version, b: "10.1.0-M16") <= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "10.1.0-M17", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jul 2022 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 24.3
CVSS 3.16.1
EPSS0.06156
24