Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310861582
HistoryFeb 27, 2009 - 12:00 a.m.

Fedora Update for tomcat5 FEDORA-2007-3474

2009-02-2700:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
1

7.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.968 High

EPSS

Percentile

99.7%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00545.html");
  script_oid("1.3.6.1.4.1.25623.1.0.861582");
  script_version("2023-07-05T05:06:18+0000");
  script_tag(name:"last_modification", value:"2023-07-05 05:06:18 +0000 (Wed, 05 Jul 2023)");
  script_tag(name:"creation_date", value:"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_xref(name:"FEDORA", value:"2007-3474");
  script_cve_id("CVE-2007-1355", "CVE-2007-3386", "CVE-2007-3385", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-5461", "CVE-2007-1358");
  script_name("Fedora Update for tomcat5 FEDORA-2007-3474");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'tomcat5'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC8");
  script_tag(name:"affected", value:"tomcat5 on Fedora 8");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC8")
{
  if ((res = isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-jasper-eclipse", rpm:"tomcat5-jasper-eclipse~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-debuginfo", rpm:"tomcat5-debuginfo~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api-javadoc", rpm:"tomcat5-jsp-2.0-api-javadoc~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api-javadoc", rpm:"tomcat5-servlet-2.4-api-javadoc~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.25~1jpp.1.fc8", rls:"FC8")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

altlinux 1
nessus 43
fedora 5
openvas 36
redhat 8
tomcat 9
debian 3
osv 10
oraclelinux 3
centos 3
securityvulns 12
seebug 4
veracode 9
atlassian 2
cve 10
exploitpack 1
github 7
prion 10
jvn 5
ubuntucve 10
packetstorm 3
freebsd 1
cert 1
checkpoint_advisories 1
exploitdb 1
redhatcve 1
altlinux
altlinux
Security fix for the ALT Linux 5 package tomcat5 version 0:5.5.25-alt1_1.1jpp5.0
2007-11-30 00:00:00
nessus
nessus
Fedora 7 : tomcat5-5.5.25-1jpp.1.fc7 (2007-3456)
2007-11-20 00:00:00
Fedora 8 : tomcat5-5.5.25-1jpp.1.fc8 (2007-3474)
2007-11-20 00:00:00
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.25 Multiple Vulnerabilities
2010-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7
2007-11-17 05:34:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8
2007-11-17 05:37:36
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
openvas
openvas
Fedora Update for tomcat5 FEDORA-2007-3456
2009-02-27 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3456
2009-02-27 00:00:00
Fedora Update for tomcat5 FEDORA-2007-3474
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0876) Moderate: tomcat security update
2007-10-11 00:00:00
(RHSA-2007:0871) Moderate: tomcat security update
2007-09-26 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.14
2007-08-13 00:00:00
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
2007-09-08 00:00:00
Fixed in Apache Tomcat 4.1.37
2005-10-06 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
[SECURITY] [DSA 1453-1] New tomcat5 packages fix several vulnerabilities
2008-01-07 18:41:20
[SECURITY] [DSA 1468-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-20 15:17:40
osv
osv
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
tomcat5 - several vulnerabilities
2008-01-07 00:00:00
Apache Tomcat XSS In Accept-Language Headers
2022-05-01 17:52:51
oraclelinux
oraclelinux
Moderate: tomcat security update
2007-09-26 00:00:00
Moderate: tomcat security update
2007-07-17 00:00:00
Moderate: tomcat security update
2008-03-11 00:00:00
centos
centos
tomcat5 security update
2007-09-28 08:11:50
tomcat5 security update
2007-07-22 15:57:46
tomcat5 security update
2008-03-19 00:04:06
securityvulns
securityvulns
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2007-08-14 00:00:00
Apache Tomcat crossite scripting
2007-06-14 00:00:00
seebug
seebug
Apache Tomcat多个远程信息泄露漏洞
2007-08-23 00:00:00
Apache Tomcat Host Manager Servlet跨站脚本执行漏洞
2007-08-23 00:00:00
Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2014-07-01 00:00:00
veracode
veracode
Session Hijacking
2018-11-13 05:10:16
Cross-site Scripting (XSS)
2018-11-13 06:36:00
Cross-Site Scripting (XSS)
2018-11-12 09:08:34
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
cve
cve
CVE-2007-1358
2007-05-10 00:19:00
CVE-2007-3386
2007-08-14 22:17:00
CVE-2007-5461
2007-10-15 18:17:00
exploitpack
exploitpack
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
github
github
Apache Tomcat Mishandles Character Sequence in Cookies
2022-05-01 18:13:14
Apache Tomcat XSS In Accept-Language Headers
2022-05-01 17:52:51
Apache Tomcat treats single quotes as delimiters in cookies
2022-05-01 18:13:14
prion
prion
Cross site scripting
2007-08-14 22:17:00
Design/Logic Flaw
2007-08-14 22:17:00
Cross site scripting
2007-05-10 00:19:00
jvn
jvn
JVN#59851336 Apache Tomcat Host Manager cross-site scripting vulnerability
2007-08-15 00:00:00
JVN#16535199: Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
2007-06-19 00:00:00
JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability
2007-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-3386
2007-08-14 00:00:00
CVE-2007-1358
2007-05-10 00:00:00
CVE-2007-1355
2007-05-21 00:00:00
packetstorm
packetstorm
CVE-2007-3386.txt
2007-08-14 00:00:00
CVE-2007-1355.txt
2007-05-22 00:00:00
CVE-2007-2449.txt
2007-06-15 00:00:00
freebsd
freebsd
tomcat -- XSS vulnerability in sample applications
2007-05-19 00:00:00
cert
cert
Apache Tomcat fails to properly handle cookies containing single quotes
2007-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat WebDav Remote Information Disclosure (CVE-2007-5461)
2013-11-18 00:00:00
exploitdb
exploitdb
Apache Tomcat 6.0.15 - Cookie Quote Handling Remote Information Disclosure
2008-02-09 00:00:00
redhatcve
redhatcve
CVE-2007-5731
2019-10-04 21:11:49

7.7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.968 High

EPSS

Percentile

99.7%

JSON
Related for OPENVAS:1361412562310861582
altlinux1nessus43fedora5openvas36redhat8tomcat9debian3osv10oraclelinux3centos3securityvulns12seebug4veracode9atlassian2cve10exploitpack1github7prion10jvn5ubuntucve10packetstorm3freebsd1cert1checkpoint_advisories1exploitdb1redhatcve1