Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562310704673HistoryMay 05, 2020 - 12:00 a.m.
Debian: Security Advisory (DSA-4673-1)
2020-05-0500:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
36
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.704673");
script_cve_id("CVE-2019-17569", "CVE-2020-1935", "CVE-2020-1938");
script_tag(name:"creation_date", value:"2020-05-05 03:00:07 +0000 (Tue, 05 May 2020)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-02-27 15:39:45 +0000 (Thu, 27 Feb 2020)");
script_name("Debian: Security Advisory (DSA-4673-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB9");
script_xref(name:"Advisory-ID", value:"DSA-4673-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2020/DSA-4673-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-4673");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/tomcat8");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'tomcat8' package(s) announced via the DSA-4673-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian).
For the oldstable distribution (stretch), these problems have been fixed in version 8.5.54-0+deb9u1.
We recommend that you upgrade your tomcat8 packages.
For the detailed security status of tomcat8 please refer to its security tracker page at: [link moved to references]");
script_tag(name:"affected", value:"'tomcat8' package(s) on Debian 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB9") {
if(!isnull(res = isdpkgvuln(pkg:"libservlet3.1-java", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libservlet3.1-java-doc", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libtomcat8-embed-java", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libtomcat8-java", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8-admin", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8-common", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8-docs", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8-examples", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"tomcat8-user", ver:"8.5.54-0+deb9u1", rls:"DEB9"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ibm
ibm
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0285
2020-03-20 00:00:00
Critical Photon OS Security Update - PHSA-2020-0218
2020-03-09 00:00:00
Critical Photon OS Security Update - PHSA-2020-0285
2020-03-09 00:00:00
nessus
nessus
openSUSE Security Update : tomcat (openSUSE-2020-345)
2020-03-16 00:00:00
Amazon Linux AMI : tomcat8 (ALAS-2020-1353)
2020-03-16 00:00:00
Photon OS 3.0: Apache PHSA-2020-3.0-0069
2020-03-24 00:00:00
amazon
amazon
Important: tomcat8
2020-03-09 19:21:00
Important: tomcat7
2020-03-09 19:20:00
Low: tomcat7
2020-12-16 20:51:00
openvas
openvas
openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0345-1)
2020-03-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0598-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0631-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DLA 2133-1] tomcat7 security update
2020-03-04 18:14:50
[SECURITY] [DSA 4673-1] tomcat8 security update
2020-05-03 18:29:38
[SECURITY] [DSA 4680-1] tomcat9 security update
2020-05-06 20:58:40
tomcat
tomcat
Fixed in Apache Tomcat 7.0.100
2020-02-14 00:00:00
Fixed in Apache Tomcat 8.5.51
2020-02-11 00:00:00
Fixed in Apache Tomcat 9.0.31
2020-02-11 00:00:00
osv
osv
tomcat7 - security update
2020-03-04 00:00:00
tomcat8 - security update
2020-05-03 00:00:00
tomcat9 - security update
2020-05-06 00:00:00
suse
suse
Security update for tomcat (important)
2020-03-15 00:00:00
thn
thn
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
2020-02-28 13:00:00
kaspersky
kaspersky
KLA11679 Multiple vulnerabilities in Apache Tomcat
2020-02-24 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2020-03-10 22:04:50
atlassian
atlassian
redhat
redhat
(RHSA-2020:1521) Important: Red Hat JBoss Web Server 5.3 release
2020-04-21 10:36:39
(RHSA-2020:1520) Important: Red Hat JBoss Web Server 5.3 release
2020-04-21 10:36:37
veracode
veracode
HTTP Request Smuggling
2020-02-25 07:52:44
HTTP Request Smuggling
2020-02-25 05:38:50
Authentication Bypass
2020-02-25 05:53:16
redhatcve
redhatcve
github
github
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:58
Potential HTTP request smuggling in Apache Tomcat
2020-02-28 01:10:48
Improper Privilege Management in Tomcat
2020-06-15 18:51:21
prion
prion
Input validation
2020-02-24 22:15:00
Design/Logic Flaw
2020-02-24 22:15:00
Default configuration
2020-02-24 22:15:00
cve
cve
f5
f5
K66289873 : Apache Tomcat vulnerability CVE-2019-17569
2020-03-04 00:00:00
K43709560 : Apache Tomcat vulnerability CVE-2020-1935
2020-03-06 00:00:00
K53254186 : Apache Tomcat vulnerability CVE-2020-1938
2020-03-04 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
cgr
cgr
CVE-2020-1935 vulnerabilities
2024-04-23 21:06:13
CVE-2020-1938 vulnerabilities
2024-04-23 21:06:13
oraclelinux
oraclelinux
tomcat security update
2020-11-12 00:00:00
tomcat security update
2020-03-22 00:00:00
tomcat6 security update
2020-03-23 00:00:00
centos
centos
tomcat security update
2020-11-18 17:27:18
tomcat6 security update
2020-03-25 19:21:34
tomcat security update
2020-03-25 19:05:03
symantec
symantec
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
2020-05-12 19:02:01
fedora
fedora
[SECURITY] Fedora 31 Update: tomcat-9.0.31-2.fc31
2020-04-02 09:56:06
[SECURITY] Fedora 32 Update: tomcat-9.0.31-2.fc32
2020-03-31 00:18:31
[SECURITY] Fedora 30 Update: tomcat-9.0.31-2.fc30
2020-04-02 09:19:40
githubexploit
githubexploit
Exploit for CVE-2020-1938
2021-07-11 14:38:21
Exploit for CVE-2020-1938
2021-03-28 03:30:44
Exploit for CVE-2020-1938
2021-10-08 04:20:43
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-12-04 19:27:53
myhack58
myhack58
threatpost
threatpost
Wordpress Yellow Pencil Plugin Flaws Actively Exploited
2019-04-12 14:13:06
Apache Tomcat Exploit Poised to Pounce, Stealing Files
2020-03-23 20:56:37
Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited
2019-04-11 17:19:40
qualysblog
qualysblog
cisa_kev
cisa_kev
Apache Tomcat Improper Privilege Management Vulnerability
2022-03-03 00:00:00
huawei
huawei
Security Advisory - Apache Tomcat File Inclusion Vulnerability
2020-07-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat AJP File Inclusion (CVE-2020-1938; CVE-2022-26377)
2020-02-25 00:00:00
attackerkb
attackerkb
CVE-2020-10569
2020-04-21 00:00:00
trendmicroblog
trendmicroblog
ubuntu
ubuntu
Tomcat vulnerabilities
2020-08-04 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310704673