Mageia: Security Advisory (MGASA-2017-0196)

🗓️ 28 Jan 2022 00:00:00Reported by Copyright (C) 2022 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 9 Views

Mageia: Security Advisory (MGASA-2017-0196) - The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2017-0196 advisory

IBM Security Bulletins
Security Bulletin: IBM Integration Bus is affected by a Open Source Apache Tomcat Vulnerability (CVE-2017-5664 )
23 Mar 202020:41
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2017-5664)
15 Jun 201823:48
ibm
IBM Security Bulletins
Security Bulletin: WebSphere Message Broker is affected by a Open Source Apache Tomcat Vulnerability (CVE-2017-5664 )
15 Jun 201807:08
ibm
IBM Security Bulletins
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2017-5664)
17 Jun 201805:24
ibm
IBM Security Bulletins
Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Core
15 Jun 201823:48
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence
17 Jun 201805:22
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight
17 Jun 201805:22
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service
17 Jun 201805:22
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
28 Apr 202118:35
ibm
IBM Security Bulletins
Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk
15 Jun 201823:48
ibm
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata pass: registers the check's identity, severity, prerequisites and
# report texts, then exits so that none of the detection code below runs
# while only the description is being collected.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2017.0196");
  script_cve_id("CVE-2017-5664");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-10-23T05:05:59+0000");
  script_tag(name:"last_modification", value:"2024-10-23 05:05:59 +0000 (Wed, 23 Oct 2024)");
  # Severity: CVSS v2 base score and vector, then the CVSS v3.0 vector.
  # Both vectors rate the issue as network-reachable, unauthenticated and
  # integrity-only (C:N, A:N); severity_origin names NVD as the source.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-06-14 19:41:44 +0000 (Wed, 14 Jun 2017)");

  script_name("Mageia: Security Advisory (MGASA-2017-0196)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  # Prerequisites: the package-list gatherer must have run, and the
  # release key must match MAGEIA5, otherwise this check is not scheduled.
  # NOTE(review): the "ssh/login/..." key names suggest the data comes from
  # an authenticated SSH login; without working credentials the check is
  # presumably skipped rather than reporting the host as clean - confirm.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");

  # Cross-references: the distribution advisory, the upstream Tomcat 7.0.78
  # fix notes, the Mageia bug and the related Debian advisory.
  script_xref(name:"Advisory-ID", value:"MGASA-2017-0196");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2017-0196.html");
  script_xref(name:"URL", value:"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=21131");
  script_xref(name:"URL", value:"https://www.debian.org/security/2017/dsa-3892");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'tomcat' package(s) announced via the MGASA-2017-0196 advisory.");

  # Detection is a package version comparison only; it does not inspect the
  # Tomcat configuration, so a finding means "fix not installed", not
  # "the conditions mentioned in the insight text are met on this host".
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  # NOTE(review): the "certain conditions" are not spelled out here. The
  # upstream Tomcat advisory linked above ties replacement/removal of a
  # static error page to a Default Servlet configured to permit writes;
  # verify against that advisory when triaging a finding.
  script_tag(name:"insight", value:"Aniket Nandkishor Kulkarni discovered that in tomcat7, static error
pages used the original request's HTTP method to serve content, instead
of systematically using the GET method. This could under certain
conditions result in undesirable results, including the replacement or
removal of the custom error page (CVE-2017-5664).");

  script_tag(name:"affected", value:"'tomcat' package(s) on Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  # Remediation is a vendor package update; the quality-of-detection type
  # records that the result rests on package data.
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  # End of the metadata pass.
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Detection pass: compare the installed tomcat RPMs on a Mageia 5 host with
# the fixed build 7.0.78-1.mga5 and report every package that is older.
# This is a version comparison only; it does not look at how Tomcat is
# configured on the host.

release = rpm_get_ssh_release();

# No release string or a release other than Mageia 5: nothing to check.
if(!release || release != "MAGEIA5")
  exit(0);

res = "";
report = "";

# Binary packages covered by MGASA-2017-0196, checked in this order.
mga_pkgs = make_list("tomcat",
                     "tomcat-admin-webapps",
                     "tomcat-docs-webapp",
                     "tomcat-el-2.2-api",
                     "tomcat-javadoc",
                     "tomcat-jsp-2.2-api",
                     "tomcat-jsvc",
                     "tomcat-lib",
                     "tomcat-servlet-3.0-api",
                     "tomcat-webapps");

foreach mga_pkg (mga_pkgs) {
  # Every package shares the same fixed version-release suffix.
  fixed_rpm = mga_pkg + "~7.0.78~1.mga5";

  # isrpmvuln() yields report text for an outdated package, NULL otherwise.
  res = isrpmvuln(pkg:mga_pkg, rpm:fixed_rpm, rls:"MAGEIA5");
  if(!isnull(res))
    report += res;
}

# At least one outdated package: raise the finding with the collected text.
if(report != "")
  security_message(data:report);
# Nothing outdated although __pkg_match is set: exit with 99 instead of 0.
# NOTE(review): __pkg_match is defined outside this file, presumably set by
# isrpmvuln() when a listed package is installed - confirm in pkg-lib-rpm.inc.
else if(__pkg_match)
  exit(99);

exit(0);

28 Jan 2022 00:00Current
8.0High risk
Vulners AI Score8.0
EPSS0.009