RedHat Update for tomcat RHSA-2008:0042-01. Update patches for vulnerabilities in Tomcat
Reporter | Title | Published | Views | Family All 136 |
---|---|---|---|---|
![]() | (RHSA-2008:0042) Moderate: tomcat security update | 11 Mar 200800:00 | – | redhat |
![]() | (RHSA-2008:0195) Moderate: tomcat security update | 28 Apr 200800:00 | – | redhat |
![]() | (RHSA-2008:0862) Important: tomcat security update | 2 Oct 200800:00 | – | redhat |
![]() | (RHSA-2008:0832) Low: JBoss Enterprise Application Platform 4.3.0CP02 security update | 22 Sep 200800:00 | – | redhat |
![]() | (RHSA-2008:0158) Moderate: JBoss Enterprise Application Platform security update | 24 Mar 200800:00 | – | redhat |
![]() | (RHSA-2008:0630) Low: Red Hat Network Satellite Server security update | 13 Aug 200800:00 | – | redhat |
![]() | (RHSA-2008:0524) Low: Red Hat Network Satellite Server security update | 30 Jun 200800:00 | – | redhat |
![]() | (RHSA-2008:0261) Moderate: Red Hat Network Satellite Server security update | 20 May 200800:00 | – | redhat |
![]() | Oracle: Security Advisory (ELSA-2008-0042) | 8 Oct 201500:00 | – | openvas |
![]() | RedHat Update for tomcat RHSA-2008:0042-01 | 6 Mar 200900:00 | – | openvas |
Source | Link |
---|---|
redhat | www.redhat.com/archives/rhsa-announce/2008-March/msg00005.html |
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for tomcat RHSA-2008:0042-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.
A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)
Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.";
tag_affected = "tomcat on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2008-March/msg00005.html");
script_oid("1.3.6.1.4.1.25623.1.0.870029");
script_version("$Revision: 9370 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_xref(name: "RHSA", value: "2008:0042-01");
script_cve_id("CVE-2007-5461", "CVE-2007-5342");
script_name( "RedHat Update for tomcat RHSA-2008:0042-01");
script_tag(name:"summary", value:"Check for the Version of tomcat");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-debuginfo", rpm:"tomcat5-debuginfo~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api", rpm:"tomcat5-jsp-2.0-api~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp-2.0-api-javadoc", rpm:"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api", rpm:"tomcat5-servlet-2.4-api~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet-2.4-api-javadoc", rpm:"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo