Search...

Apache Tomcat RemoteFilterValve Security Bypass Vulnerability

2008-10-16T00:00:00

ID OPENVAS:1361412562310800024
Type openvas
Reporter Copyright (C) 2008 Greenbone Networks GmbH
Modified 2019-05-10T00:00:00

Description

Apache Tomcat Server is running on this host and that is prone to security bypass vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
#
# Authors: Chandan S &lt;schandan@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:apache:tomcat";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800024");
  script_version("2019-05-10T11:41:35+0000");
  script_tag(name:"last_modification", value:"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)");
  script_tag(name:"creation_date", value:"2008-10-16 18:25:33 +0200 (Thu, 16 Oct 2008)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2008-3271");
  script_bugtraq_id(31698);
  script_name("Apache Tomcat RemoteFilterValve Security Bypass Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("gb_apache_tomcat_consolidation.nasl");
  script_mandatory_keys("apache/tomcat/detected");

  script_xref(name:"URL", value:"http://tomcat.apache.org/security-4.html");
  script_xref(name:"URL", value:"http://tomcat.apache.org/security-5.html");
  script_xref(name:"URL", value:"https://issues.apache.org/bugzilla/show_bug.cgi?id=25835");

  script_tag(name:"impact", value:"Successful attempt could lead to remote code execution and attacker
  can gain access to context of the filtered value.");

  script_tag(name:"affected", value:"Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0.");

  script_tag(name:"insight", value:"Flaw in the application is due to the synchronisation problem when checking
  IP addresses. This could allow user from a non permitted IP address to gain access to a context that is protected
  with a valve that extends RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve
  implementations.");

  script_tag(name:"solution", value:"Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later.");

  script_tag(name:"summary", value:"Apache Tomcat Server is running on this host and that is prone to
  security bypass vulnerability.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

vers = infos["version"];
path = infos["location"];

if( version_in_range( version:vers, test_version:"4.1.0", test_version2:"4.1.31" ) ||
    version_is_equal( version:vers, test_version:"5.5.0" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"4.1.32/5.5.1", install_path:path );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310800024", "type": "openvas", "bulletinFamily": "scanner", "title": "Apache Tomcat RemoteFilterValve Security Bypass Vulnerability", "description": "Apache Tomcat Server is running on this host and that is prone to\n security bypass vulnerability.", "published": "2008-10-16T00:00:00", "modified": "2019-05-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800024", "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "references": ["http://tomcat.apache.org/security-4.html", "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835", "http://tomcat.apache.org/security-5.html"], "cvelist": ["CVE-2008-3271"], "lastseen": "2019-05-29T18:40:28", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3271"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20689", "SECURITYVULNS:VULN:9350"]}, {"type": "openvas", "idList": ["OPENVAS:65324", "OPENVAS:65813", "OPENVAS:136141256231065324", "OPENVAS:136141256231065813"]}, {"type": "nessus", "idList": ["SUSE_TOMCAT5-5684.NASL", "SUSE9_12271.NASL", "SUSE_TOMCAT5-5689.NASL", "TOMCAT_5_5_1.NASL", "TOMCAT_4_1_32.NASL", "REDHAT-RHSA-2008-1007.NASL"]}, {"type": "jvn", "idList": ["JVN:30732239"]}, {"type": "seebug", "idList": ["SSV:4238", "SSV:4199"]}, {"type": "redhat", "idList": ["RHSA-2008:1007"]}], "modified": "2019-05-29T18:40:28", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2019-05-29T18:40:28", "rev": 2}, "vulnersScore": 5.6}, "pluginID": "1361412562310800024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat RemoteFilterValve Security Bypass Vulnerability\n#\n# Authors: Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800024\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-10-16 18:25:33 +0200 (Thu, 16 Oct 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2008-3271\");\n script_bugtraq_id(31698);\n script_name(\"Apache Tomcat RemoteFilterValve Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-4.html\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-5.html\");\n script_xref(name:\"URL\", value:\"https://issues.apache.org/bugzilla/show_bug.cgi?id=25835\");\n\n script_tag(name:\"impact\", value:\"Successful attempt could lead to remote code execution and attacker\n can gain access to context of the filtered value.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0.\");\n\n script_tag(name:\"insight\", value:\"Flaw in the application is due to the synchronisation problem when checking\n IP addresses. This could allow user from a non permitted IP address to gain access to a context that is protected\n with a valve that extends RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve\n implementations.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat Server is running on this host and that is prone to\n security bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"4.1.0\", test_version2:\"4.1.31\" ) ||\n version_is_equal( version:vers, test_version:\"5.5.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.1.32/5.5.1\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "Web application abuses"}

{"cve": [{"lastseen": "2020-10-03T11:51:00", "description": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.", "edition": 4, "cvss3": {}, "published": "2008-10-13T20:00:00", "title": "CVE-2008-3271", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3271"], "modified": "2019-03-25T11:30:00", "cpe": ["cpe:/a:apache:tomcat:4.1.13", "cpe:/a:apache:tomcat:5.5.0", "cpe:/a:apache:tomcat:4.1.18", "cpe:/a:apache:tomcat:4.1.9", "cpe:/a:apache:tomcat:4.1.1", "cpe:/a:apache:tomcat:4.1.20", "cpe:/a:apache:tomcat:4.1.27", "cpe:/a:apache:tomcat:4.1.28", "cpe:/a:apache:tomcat:4.1.0", "cpe:/a:apache:tomcat:4.1.29", "cpe:/a:apache:tomcat:4.1.22", "cpe:/a:apache:tomcat:4.1.30", "cpe:/a:apache:tomcat:4.1.2", "cpe:/a:apache:tomcat:4.1.15", "cpe:/a:apache:tomcat:4.1.7", "cpe:/a:apache:tomcat:4.1.26", "cpe:/a:apache:tomcat:4.1.25", "cpe:/a:apache:tomcat:4.1.16", "cpe:/a:apache:tomcat:4.1.3", "cpe:/a:apache:tomcat:4.1.5", "cpe:/a:apache:tomcat:4.1.17", "cpe:/a:apache:tomcat:4.1.19", "cpe:/a:apache:tomcat:4.1.23", "cpe:/a:apache:tomcat:4.1.11", "cpe:/a:apache:tomcat:4.1.6", "cpe:/a:apache:tomcat:4.1.14", "cpe:/a:apache:tomcat:4.1.10", "cpe:/a:apache:tomcat:4.1.8", "cpe:/a:apache:tomcat:4.1.4", "cpe:/a:apache:tomcat:4.1.31", "cpe:/a:apache:tomcat:4.1.12", "cpe:/a:apache:tomcat:4.1.21", "cpe:/a:apache:tomcat:4.1.24"], "id": "CVE-2008-3271", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "cvelist": ["CVE-2008-3271"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2008-3271: Tomcat information disclosure vulnerability\r\n\r\nSeverity: Low\r\n\r\nVendor:\r\nThe Apache Software Foundation\r\n\r\nVersions Affected:\r\nTomcat 4.1.0 to 4.1.31\r\nTomcat 5.5.0\r\nTomcat 6.0.x is not affected\r\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\r\n\r\nDescription:\r\nBug 25835 (https://issues.apache.org/bugzilla/show_bug.cgi?id=25835) can,\r\nin very rare circumstances, permit a user from a non-permitted IP address\r\nto gain access to a context protected with a valve that extends\r\nRemoteFilterValve.\r\n\r\nMitigation:\r\nUpgrade to:\r\n4.1.32 or later\r\n5.5.1 or later\r\n6.0.0 or later\r\n\r\nExample:\r\nThis has only been reproduced using a debugger to force a particular\r\nprocessing sequence across two threads.\r\n\r\n 1. Set a breakpoint right after the place where a value\r\n is to be entered in the instance variable of regexp\r\n (search:org.apache.regexp.CharacterIterator).\r\n\r\n 2. Send a request from the IP address* which is not permitted.\r\n (stopped at the breakpoint)\r\n\r\n *About the IP address which is not permitted.\r\n The character strings length of the IP address which is set\r\n in RemoteAddrValve must be same.\r\n\r\n 3. Send a request from the IP address which was set in\r\n RemoteAddrValve.\r\n (stopped at the breakpoint)\r\n In this way, the instance variable is to be overwritten here.\r\n\r\n 4. Resume the thread which is processing the step 2 above.\r\n\r\n 5. The request from the not permitted IP address will succeed.\r\n\r\nCredit:\r\nThis issue was discovered by Kenichi Tsukamoto (Development Dept. II,\r\nApplication Management Middleware Div., FUJITSU LIMITED) and reported to\r\nthe Tomcat security team via JPCERT.\r\n\r\nReferences:\r\nhttp://tomcat.apache.org/security.html\r\n\r\nMark Thomas\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt\r\nOtgAmQHjgnxg0vKKSp43vez8XaBIZpOj\r\n=9Z/F\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2008-10-12T00:00:00", "published": "2008-10-12T00:00:00", "id": "SECURITYVULNS:DOC:20689", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20689", "title": "[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-3271"], "description": "Race conditions allow to bypass IP address check.", "edition": 1, "modified": "2008-10-12T00:00:00", "published": "2008-10-12T00:00:00", "id": "SECURITYVULNS:VULN:9350", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9350", "title": "Apache Tomcat information leak", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065813", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065813", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "sourceData": "#\n#VID slesp2-tomcat5-5689\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65813\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3271\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-jakarta-tomcat-connectors\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-doc\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065324", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065324", "type": "openvas", "title": "SLES9: Security update for Tomcat", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5037300.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-jakarta-tomcat-connectors\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-doc\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65324\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3271\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-jakarta-tomcat-connectors\", rpm:\"apache-jakarta-tomcat-connectors~5.0.19~29.18\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65813", "href": "http://plugins.openvas.org/nasl.php?oid=65813", "type": "openvas", "title": "SLES10: Security update for Tomcat 5", "sourceData": "#\n#VID slesp2-tomcat5-5689\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Tomcat 5\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n tomcat5\n tomcat5-admin-webapps\n tomcat5-webapps\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65813);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-3271\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES10: Security update for Tomcat 5\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.0.30~27.32\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-jakarta-tomcat-connectors\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-doc\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65324", "href": "http://plugins.openvas.org/nasl.php?oid=65324", "type": "openvas", "title": "SLES9: Security update for Tomcat", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5037300.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Tomcat\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-jakarta-tomcat-connectors\n apache2-jakarta-tomcat-connectors\n jakarta-tomcat\n jakarta-tomcat-doc\n jakarta-tomcat-examples\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5037300 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65324);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-3271\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Tomcat\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-jakarta-tomcat-connectors\", rpm:\"apache-jakarta-tomcat-connectors~5.0.19~29.18\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "jvn": [{"lastseen": "2019-05-29T17:21:26", "bulletinFamily": "info", "cvelist": ["CVE-2008-3271"], "description": "\n ## Description\n\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. \nApache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context.\n\n ## Impact\n\nImpact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result.\n\n ## Solution\n\n**Update the Software** \nApply the latest updates provided by the developer. \nThe following versions contain a fix of this vulnerability. \n\n\n * Apache Tomcat 4.1.32 and later\n * Apache Tomcat 5.5.1 and later\nFor more information, refer to the developer's website. \n\n ## Products Affected\n\n * Apache Tomcat 4.1.0 to 4.1.31\n * Apache Tomcat 5.5.0\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. \nIt is confirmed that Apache Tomcat 6.0.x is not affected. \n", "edition": 4, "modified": "2015-10-21T00:00:00", "published": "2008-10-10T00:00:00", "id": "JVN:30732239", "href": "http://jvn.jp/en/jp/JVN30732239/index.html", "title": "JVN#30732239: Apache Tomcat allows access from a non-permitted IP address", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T21:23:51", "description": "BUGTRAQ ID: 31698 \r\nCVE(CAN) ID: CVE-2008-3271 \r\n \r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002 \r\n \r\nApache Tomcat\u5728\u68c0\u67e5IP\u5730\u5740\u65f6\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u5728\u6781\u5c11\u7684\u73af\u5883\u4e0b\uff0c\u8fd9\u53ef\u80fd\u5141\u8bb8\u975e\u5141\u8bb8\u7684IP\u5730\u5740\u7ed5\u8fc7RemoteFilterValve\u8fc7\u6ee4\u5668\u503c\u5e76\u8bbf\u95ee\u53d7\u4fdd\u62a4\u7684\u5185\u5bb9\u3002\u4ec5\u5728\u4f7f\u7528\u8c03\u8bd5\u5668\u5728\u4e24\u4e2a\u7ebf\u7a0b\u4e4b\u95f4\u5f3a\u5236\u7279\u5b9a\u7684\u5904\u7406\u5e8f\u5217\u7684\u60c5\u51b5\u4e0b\u624d\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u3002 \r\n\n\nApache Tomcat 5.5.0\r\nApache Tomcat 4.1.0 - 4.1.31\n Apache\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://jakarta.apache.org/tomcat/index.html target=_blank>http://jakarta.apache.org/tomcat/index.html</a>", "published": "2008-10-15T00:00:00", "type": "seebug", "title": "Apache Tomcat RemoteFilterValve\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3271"], "modified": "2008-10-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4238", "id": "SSV:4238", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T21:24:20", "description": "BUGTRAQ ID: 31698\r\nCVE ID\uff1aCVE-2008-3271\r\nCNCVE ID\uff1aCNCVE-20083271\r\n\r\nApache Tomcat\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\nApache Tomcat\u5904\u7406'RemoteFilterValve'\u6269\u5c55\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u95ee\u9898\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\r\n\u5728\u4f7f\u7528RemoteAddrValve\u5141\u8bb8\u90e8\u5206\u5730\u5740\u8bbf\u95ee\u5f15\u64ce\u65f6\uff1a\r\n<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/>\r\n\u7531\u4e8e\u5728\u68c0\u67e5IP\u5730\u5740\u65f6\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u5141\u8bb8\u6765\u81ea\u975e\u5141\u8bb8IP\u5730\u5740\u7684\u7528\u6237\u5bf9RemoteFilterValve\u5ef6\u4f38\u7684\u4fdd\u62a4\u5185\u5bb9\u8fdb\u884c\u8bbf\u95ee\u3002\r\nFUJITSU Interstage\u4ea7\u54c1\u76ee\u524d\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002\r\n\r\n\n\nFujitsu INTERSTAGE Studio Standard-J Edition 9.0 \r\nFujitsu INTERSTAGE Studio Standard-J Edition 8.0.1 \r\nFujitsu INTERSTAGE Studio Enterprise Edition 9.0 \r\nFujitsu INTERSTAGE Studio Enterprise Edition 8.0.1 \r\nFujitsu INTERSTAGE Job Workload Server 8.1 \r\nFujitsu INTERSTAGE Business Application Server Enterprise 8.0.0\r\nFujitsu INTERSTAGE Apworks Modelers-J Edition 7.0\r\nFujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A\r\nFujitsu INTERSTAGE Apworks Modelers-J Edition 6.0\r\nFujitsu INTERSTAGE Application Server Standard-J Edition 9.1 \r\nFujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A\r\nFujitsu INTERSTAGE Application Server Standard-J Edition 9.0 \r\nFujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2 \r\nFujitsu INTERSTAGE Application Server Standard-J Edition 8.0 \r\nFujitsu iNTERSTAGE Application Server Standard Edition 7.0\r\nFujitsu INTERSTAGE Application Server Plus Developer 7.0\r\nFujitsu INTERSTAGE Application Server Plus Developer 6.0\r\nFujitsu Interstage Application Server Plus 7.0.1 \r\nFujitsu Interstage Application Server Plus 7.0\r\nFujitsu Interstage Application Server Plus 6.0\r\nFujitsu INTERSTAGE Application Server Enterprise Edition 9.1 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A\r\nFujitsu INTERSTAGE Application Server Enterprise Edition 9.0 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 8.0 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1 \r\nFujitsu INTERSTAGE Application Server Enterprise Edition 7.0\r\nFujitsu INTERSTAGE Application Server Enterprise Edition 6.0\r\nApache Software Foundation Tomcat 5.0 \r\nApache Software Foundation Tomcat 4.1.31 \r\nApache Software Foundation Tomcat 4.1.30 \r\nApache Software Foundation Tomcat 4.1.29 \r\nApache Software Foundation Tomcat 4.1.28 \r\nApache Software Foundation Tomcat 4.1.24 \r\n+ Gentoo Linux 1.4 _rc3\r\n+ Gentoo Linux 1.4 _rc2\r\n+ Gentoo Linux 1.4 _rc1\r\n+ Gentoo Linux 1.2 \r\nApache Software Foundation Tomcat 4.1.12 \r\nApache Software Foundation Tomcat 4.1.10 \r\nApache Software Foundation Tomcat 4.1.3 beta\r\nApache Software Foundation Tomcat 4.1.3 \r\nApache Software Foundation Tomcat 4.1 \r\nApache Software Foundation Tomcat 4.1 \r\n- BSDI BSD/OS 4.0 \r\n- Caldera OpenLinux 2.4 \r\n- Conectiva Linux 5.1 \r\n- Debian Linux 2.3 \r\n- Debian Linux 2.2 \r\n- Debian Linux 2.1 \r\n- Digital UNIX 4.0 \r\n- FreeBSD FreeBSD 5.0 \r\n- FreeBSD FreeBSD 4.5 \r\n- MandrakeSoft Linux Mandrake 7.1 \r\n- MandrakeSoft Linux Mandrake 7.0 \r\n- NetBSD NetBSD 1.4.2 x86\r\n- NetBSD NetBSD 1.4.1 x86\r\n- RedHat Linux 6.2 i386\r\n- RedHat Linux 6.1 i386\r\n- SGI IRIX 6.5 \r\n- SGI IRIX 6.4 \r\n- SGI IRIX 3.3 \r\n- Sun Solaris 8\r\n- Sun Solaris 7.0\r\nApache Software Foundation Tomcat 5.0\n \u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\nApache Software Foundation Tomcat 6.0 \r\nApache Software Foundation Tomcat 5.0.1 \r\nApache Software Foundation Tomcat 4.1.32\r\n<a href=http://tomcat.apache.org/ target=_blank>http://tomcat.apache.org/</a>", "published": "2008-10-14T00:00:00", "type": "seebug", "title": "Apache Tomcat 'RemoteFilterValve'\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3271"], "modified": "2008-10-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4199", "id": "SSV:4199", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2020-09-14T19:09:27", "description": "According to its self-reported version number, the instance of Apache\nTomcat 5.x listening on the remote host is prior to 5.5.1. It is,\ntherefore, affected by an information disclosure vulnerability.\n\nSpecifically, it may allow requests from a non-permitted IP address to\ngain access to a context that is protected with a valve that extends\nRequestFilterValve.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2010-06-16T00:00:00", "title": "Apache Tomcat 5.x < 5.5.1 Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "modified": "2010-06-16T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_5_5_1.NASL", "href": "https://www.tenable.com/plugins/nessus/47028", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47028);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2008-3271\");\n script_bugtraq_id(31698);\n script_xref(name:\"Secunia\", value:\"32213\");\n\n script_name(english:\"Apache Tomcat 5.x < 5.5.1 Information Disclosure\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 5.x listening on the remote host is prior to 5.5.1. It is,\ntherefore, affected by an information disclosure vulnerability.\n\nSpecifically, it may allow requests from a non-permitted IP address to\ngain access to a context that is protected with a valve that extends\nRequestFilterValve.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=25835\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2008/Oct/81\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 5.5.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-3271\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"5.5.1\", min:\"5.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^5(\\.5)?$\");\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:02:17", "description": "This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Tomcat (YOU Patch Number 12271)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12271.NASL", "href": "https://www.tenable.com/plugins/nessus/41249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41249);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3271\");\n\n script_name(english:\"SuSE9 Security Update : Tomcat (YOU Patch Number 12271)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3271.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12271.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-jakarta-tomcat-connectors-5.0.19-29.18\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-jakarta-tomcat-connectors-5.0.19-29.18\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-5.0.19-29.18\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-doc-5.0.19-29.18\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"jakarta-tomcat-examples-5.0.19-29.18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:47:13", "description": "This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)", "edition": 23, "published": "2008-10-27T00:00:00", "title": "SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "modified": "2008-10-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_TOMCAT5-5689.NASL", "href": "https://www.tenable.com/plugins/nessus/34499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34499);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3271\");\n\n script_name(english:\"SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 5689)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3271.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5689.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-5.0.30-27.32\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-admin-webapps-5.0.30-27.32\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"tomcat5-webapps-5.0.30-27.32\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-5.0.30-27.32\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-admin-webapps-5.0.30-27.32\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"tomcat5-webapps-5.0.30-27.32\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:47:13", "description": "This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)", "edition": 24, "published": "2008-10-17T00:00:00", "title": "openSUSE 10 Security Update : tomcat5 (tomcat5-5684)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271"], "modified": "2008-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat5-webapps", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:tomcat5", "p-cpe:/a:novell:opensuse:tomcat5-admin-webapps"], "id": "SUSE_TOMCAT5-5684.NASL", "href": "https://www.tenable.com/plugins/nessus/34442", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update tomcat5-5684.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34442);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3271\");\n\n script_name(english:\"openSUSE 10 Security Update : tomcat5 (tomcat5-5684)\");\n script_summary(english:\"Check for the tomcat5-5684 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of tomcat fixes an information leak due to incorrect IP\naddress filtering. (CVE-2008-3271)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-5.0.30-67\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-admin-webapps-5.0.30-67\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"tomcat5-webapps-5.0.30-67\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:06:22", "description": "Updated tomcat packages that fix multiple security issues are now\navailable for Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package.\n(CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938,\nCVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to\nupdate to these Tomcat packages which resolve these issues.", "edition": 32, "published": "2010-01-10T00:00:00", "title": "RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "modified": "2010-01-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:tomcat5"], "id": "REDHAT-RHSA-2008-1007.NASL", "href": "https://www.tenable.com/plugins/nessus/43842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1007. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43842);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2008-2938\", \"CVE-2008-3271\");\n script_bugtraq_id(29502, 30494, 30496, 30633);\n script_xref(name:\"RHSA\", value:\"2008:1007\");\n\n script_name(english:\"RHEL 4 : tomcat in Satellite Server (RHSA-2008:1007)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix multiple security issues are now\navailable for Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package.\n(CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938,\nCVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to\nupdate to these Tomcat packages which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1007\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(22, 79, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1007\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"rhns-app-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL4\", reference:\"tomcat5-5.0.30-0jpp_12rh\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T19:09:27", "description": "According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.32. It is,\ntherefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install is vulnerable to a\n denial of service attack. If directory listing is\n enabled, function calls to retrieve the contents of\n large directories can degrade performance.\n (CVE-2005-3510)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP examples are\n enabled. Several of these JSP examples do not properly\n validate user input. (CVE-2005-4838)\n\n - The remote Apache Tomcat install allows remote users\n to list the contents of a directory by placing a\n semicolon before a filename with a mapped extension.\n (CVE-2006-3835)\n\n - If enabled, the JSP calendar example application is\n vulnerable to a cross-site scripting attack because\n user input is not properly validated. (CVE-2006-7196)\n\n - The remote Apache Tomcat install, in its default\n configuration, permits the use of insecure ciphers when\n using SSL. (CVE-2007-1858)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack by allowing requests from\n a non-permitted IP address to gain access to a context\n that is protected with a valve that extends\n RequestFilterValve. (CVE-2008-3271)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 19, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2010-06-16T00:00:00", "title": "Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3271", "CVE-2005-4838", "CVE-2006-7196", "CVE-2005-3510", "CVE-2007-1858", "CVE-2006-3835"], "modified": "2010-06-16T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_4_1_32.NASL", "href": "https://www.tenable.com/plugins/nessus/47029", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47029);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\n \"CVE-2005-3510\",\n \"CVE-2005-4838\",\n \"CVE-2006-3835\",\n \"CVE-2006-7196\",\n \"CVE-2007-1858\",\n \"CVE-2008-3271\"\n );\n script_bugtraq_id(15325, 19106, 25531, 28482, 31698);\n script_xref(name:\"Secunia\", value:\"13737\");\n script_xref(name:\"Secunia\", value:\"17416\");\n script_xref(name:\"Secunia\", value:\"32213\");\n\n script_name(english:\"Apache Tomcat 4.x < 4.1.32 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.32. It is,\ntherefore, affected by the following vulnerabilities :\n\n - The remote Apache Tomcat install is vulnerable to a\n denial of service attack. If directory listing is\n enabled, function calls to retrieve the contents of\n large directories can degrade performance.\n (CVE-2005-3510)\n\n - The remote Apache Tomcat install may be vulnerable to\n a cross-site scripting attack if the JSP examples are\n enabled. Several of these JSP examples do not properly\n validate user input. (CVE-2005-4838)\n\n - The remote Apache Tomcat install allows remote users\n to list the contents of a directory by placing a\n semicolon before a filename with a mapped extension.\n (CVE-2006-3835)\n\n - If enabled, the JSP calendar example application is\n vulnerable to a cross-site scripting attack because\n user input is not properly validated. (CVE-2006-7196)\n\n - The remote Apache Tomcat install, in its default\n configuration, permits the use of insecure ciphers when\n using SSL. (CVE-2007-1858)\n\n - The remote Apache Tomcat install may be vulnerable to an\n information disclosure attack by allowing requests from\n a non-permitted IP address to gain access to a context\n that is protected with a valve that extends\n RequestFilterValve. (CVE-2008-3271)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=25835\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.32 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3510\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"4.1.32\", min:\"4.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^4(\\.1)?$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-05-29T14:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938", "CVE-2008-3271"], "description": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", "modified": "2019-03-22T23:44:40", "published": "2008-12-08T05:00:00", "id": "RHSA-2008:1007", "href": "https://access.redhat.com/errata/RHSA-2008:1007", "type": "redhat", "title": "(RHSA-2008:1007) Low: tomcat security update for Red Hat Network Satellite Server", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}