ID OPENVAS:53322 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to tomcat
announced via advisory DSA 246-1.
# OpenVAS Vulnerability Test
# $Id: deb_246_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 246-1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The developers of tomcat discovered several problems in tomcat version
3.x. The Common Vulnerabilities and Exposures project identifies the
following problems:
. CVE-2003-0042: A maliciously crafted request could return a
directory listing even when an index.html, index.jsp, or other
welcome file is present. File contents can be returned as well.
. CVE-2003-0043: A malicious web application could read the contents
of some files outside the web application via its web.xml file in
spite of the presence of a security manager. The content of files
that can be read as part of an XML document would be accessible.
. CVE-2003-0044: A cross-site scripting vulnerability was discovered
in the included sample web application that allows remote attackers
to execute arbitrary script code.
For the stable distribution (woody) this problem has been fixed in
version 3.3a-4.1.
The old stable distribution (potato) does not contain tomcat packages.
For the unstable distribution (sid) this problem has been fixed in
version 3.3.1a-1.
We recommend that you upgrade your tomcat package.";
tag_summary = "The remote host is missing an update to tomcat
announced via advisory DSA 246-1.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20246-1";
if(description)
{
script_id(53322);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2003-0042", "CVE-2003-0043", "CVE-2003-0044");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 246-1 (tomcat)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"tomcat", ver:"3.3a-4woody1", rls:"DEB3.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libapache-mod-jk", ver:"3.3a-4woody1", rls:"DEB3.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"href": "http://plugins.openvas.org/nasl.php?oid=53322", "history": [{"lastseen": "2017-07-02T21:10:19", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=53322", "history": [], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:53322", "title": "Debian Security Advisory DSA 246-1 (tomcat)", "description": "The remote host is missing an update to tomcat\nannounced via advisory DSA 246-1.", "published": "2008-01-17T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "reporter", "hash": "bd0c646e06156cd71a2e5bbae48ef94c"}, {"key": "cvelist", "hash": "3ba44a2baa851eae001c8c3383c3a7c0"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ba9cdd8965e544a8a430d3215490927d"}, {"key": "href", "hash": "495d923f899277fce9311d9ed190a35e"}, {"key": "description", "hash": "07d0d04276d56ffd66d6600d0148a4b2"}, {"key": "pluginID", "hash": "b63637a51d60e52ec1672de2e275ccb5"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "sourceData", "hash": "d15535104b788e4d05146a109bbf781c"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "title", "hash": "fa93d54d9cf2fd3435e90f89ed900deb"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}], "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_246_1.nasl 3939 2016-09-02 05:15:43Z teissa $\n# Description: Auto-generated from advisory DSA 246-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The developers of tomcat discovered several problems in tomcat version\n3.x. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n. CVE-2003-0042: A maliciously crafted request could return a\ndirectory listing even when an index.html, index.jsp, or other\nwelcome file is present. File contents can be returned as well.\n\n. CVE-2003-0043: A malicious web application could read the contents\nof some files outside the web application via its web.xml file in\nspite of the presence of a security manager. The content of files\nthat can be read as part of an XML document would be accessible.\n\n. CVE-2003-0044: A cross-site scripting vulnerability was discovered\nin the included sample web application that allows remote attackers\nto execute arbitrary script code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.3a-4.1.\n\nThe old stable distribution (potato) does not contain tomcat packages.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.3.1a-1.\n\nWe recommend that you upgrade your tomcat package.\";\ntag_summary = \"The remote host is missing an update to tomcat\nannounced via advisory DSA 246-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20246-1\";\n\nif(description)\n{\n script_id(53322);\n script_version(\"$Revision: 3939 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-02 07:15:43 +0200 (Fri, 02 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\", \"CVE-2003-0044\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 246-1 (tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tomcat\", ver:\"3.3a-4woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-jk\", ver:\"3.3a-4woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "53322", "hash": "483bc9a5cb90183cc26ce1050db42275507203477cd475ed15a6abfb9178fdbb", "modified": "2016-09-02T00:00:00", "edition": 1, "cvelist": ["CVE-2003-0042", "CVE-2003-0043", "CVE-2003-0044"], "lastseen": "2017-07-02T21:10:19", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": []}}], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:53322", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "description": "The remote host is missing an update to tomcat\nannounced via advisory DSA 246-1.", "title": "Debian Security Advisory DSA 246-1 (tomcat)", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_246_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 246-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The developers of tomcat discovered several problems in tomcat version\n3.x. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n. CVE-2003-0042: A maliciously crafted request could return a\ndirectory listing even when an index.html, index.jsp, or other\nwelcome file is present. File contents can be returned as well.\n\n. CVE-2003-0043: A malicious web application could read the contents\nof some files outside the web application via its web.xml file in\nspite of the presence of a security manager. The content of files\nthat can be read as part of an XML document would be accessible.\n\n. CVE-2003-0044: A cross-site scripting vulnerability was discovered\nin the included sample web application that allows remote attackers\nto execute arbitrary script code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.3a-4.1.\n\nThe old stable distribution (potato) does not contain tomcat packages.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.3.1a-1.\n\nWe recommend that you upgrade your tomcat package.\";\ntag_summary = \"The remote host is missing an update to tomcat\nannounced via advisory DSA 246-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20246-1\";\n\nif(description)\n{\n script_id(53322);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\", \"CVE-2003-0044\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 246-1 (tomcat)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tomcat\", ver:\"3.3a-4woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-jk\", ver:\"3.3a-4woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "pluginID": "53322", "hash": "fd8f9c0e0744f86c24f22c3120e9399a5a4e53afdda4fed9d28007e640e1cf11", "references": [], "edition": 2, "cvelist": ["CVE-2003-0042", "CVE-2003-0043", "CVE-2003-0044"], "lastseen": "2017-07-24T12:50:07", "viewCount": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0042", "CVE-2003-0043", "CVE-2003-0044"]}, {"type": "debian", "idList": ["DEBIAN:DSA-246-1:468CA"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310835152", "OPENVAS:835152", "OPENVAS:136141256231011438"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-246.NASL", "TOMCAT_DIRECTORY_LISTING_AND_FILE_DISCLOSURE.NASL", "TOMCAT_3_3_2.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:12231", "OSVDB:9204", "OSVDB:9203", "OSVDB:12232"]}, {"type": "exploitdb", "idList": ["EDB-ID:22205"]}], "modified": "2017-07-24T12:50:07"}, "vulnersScore": 4.3}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "3ba44a2baa851eae001c8c3383c3a7c0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "07d0d04276d56ffd66d6600d0148a4b2"}, {"key": "href", "hash": "495d923f899277fce9311d9ed190a35e"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "b63637a51d60e52ec1672de2e275ccb5"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "bd0c646e06156cd71a2e5bbae48ef94c"}, {"key": "sourceData", "hash": "8faacf141cae18d9608da2187b48ab0a"}, {"key": "title", "hash": "fa93d54d9cf2fd3435e90f89ed900deb"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-07T00:00:00"}
{"cve": [{"lastseen": "2017-10-10T10:34:54", "bulletinFamily": "NVD", "description": "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.", "modified": "2017-10-09T21:30:13", "published": "2003-02-07T00:00:00", "id": "CVE-2003-0043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0043", "title": "CVE-2003-0043", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-11T11:14:15", "bulletinFamily": "NVD", "description": "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.", "modified": "2017-07-10T21:29:27", "published": "2003-02-07T00:00:00", "id": "CVE-2003-0042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0042", "title": "CVE-2003-0042", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-11T11:14:15", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.", "modified": "2017-07-10T21:29:27", "published": "2003-02-07T00:00:00", "id": "CVE-2003-0044", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0044", "title": "CVE-2003-0044", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:56:29", "bulletinFamily": "scanner", "description": "Check for the Version of Tomcat", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835152", "id": "OPENVAS:835152", "title": "HP-UX Update for Tomcat HPSBUX00249", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Tomcat HPSBUX00249\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized access or execution of arbitrary code.\";\ntag_affected = \"Tomcat on\n HP-UX B.11.00, B.11.11, B.11.22 and B.11.23 running HP Tomcat version 3.3.1 \n or prior versions.\";\ntag_insight = \"A potential security vulnerability has been identifiedwith HP-UX running HP \n Tomcat v 3.3.1. This vulnerability may allow a remote user to gain \n unauthorized access or execution of arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943079-1\");\n script_id(835152);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00249\");\n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\", \"CVE-2003-0044\");\n script_name( \"HP-UX Update for Tomcat HPSBUX00249\");\n\n script_summary(\"Check for the Version of Tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.20\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:43", "bulletinFamily": "scanner", "description": "Check for the Version of Tomcat", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835152", "id": "OPENVAS:1361412562310835152", "title": "HP-UX Update for Tomcat HPSBUX00249", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Tomcat HPSBUX00249\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized access or execution of arbitrary code.\";\ntag_affected = \"Tomcat on\n HP-UX B.11.00, B.11.11, B.11.22 and B.11.23 running HP Tomcat version 3.3.1 \n or prior versions.\";\ntag_insight = \"A potential security vulnerability has been identifiedwith HP-UX running HP \n Tomcat v 3.3.1. This vulnerability may allow a remote user to gain \n unauthorized access or execution of arbitrary code.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943079-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835152\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"00249\");\n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\", \"CVE-2003-0044\");\n script_name( \"HP-UX Update for Tomcat HPSBUX00249\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Tomcat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.22\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.20\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"ApacheStrong.TOMCAT\", revision:\"3.3.1a\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"HPApache.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsTOMCAT.TOMCAT2\", revision:\"A.1.0.10.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-13T12:20:48", "bulletinFamily": "scanner", "description": "Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file\n disclosure vulnerability, it allows remote attackers to potentially list\n directories even with an index.html or other file present, or obtain\n unprocessed source code for a JSP file.", "modified": "2019-05-10T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231011438", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231011438", "title": "Apache Tomcat Directory Listing and File disclosure", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat Directory Listing and File disclosure\n#\n# Authors:\n# Bekrar Chaouki - A.D.Consulting <bekrar@adconsulting.fr>\n#\n# Copyright:\n# Copyright (C) 2003 A.D.Consulting\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.11438\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(6721);\n script_cve_id(\"CVE-2003-0042\");\n script_name(\"Apache Tomcat Directory Listing and File disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2003 A.D.Consulting\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"apache/tomcat/http/detected\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Tomcat 4.1.18 or newer version.\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat (prior to 3.3.1a) is prone to a directory listing and file\n disclosure vulnerability, it allows remote attackers to potentially list\n directories even with an index.html or other file present, or obtain\n unprocessed source code for a JSP file.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE, service:\"www\" ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\n\nres = http_get_cache( item:\"/\", port:port );\nif( ! res ) exit( 0 );\n\nif( ( \"Index of /\" >< res ) || ( \"Directory Listing\" >< res ) ) exit( 0 );\n\nreq = http_get( item:\"/<REPLACEME>.jsp\", port:port );\nreq = str_replace( string:req, find:\"<REPLACEME>\", replace:raw_string( 0 ) );\nres = http_keepalive_send_recv( port:port, data:req );\n\nif( isnull( res ) ) exit( 0 );\n\nif( ( \"Index of /\" >< res ) || ( \"Directory Listing\" >< res ) ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:41", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 246-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 29th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : tomcat\nVulnerability : information exposure, cross site scripting\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2003-0042 CAN-2003-0043 CAN-2003-0044\n\nThe developers of tomcat discovered several problems in tomcat version\n3.x. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\n . CAN-2003-0042: A maliciously crafted request could return a\n directory listing even when an index.html, index.jsp, or other\n welcome file is present. File contents can be returned as well.\n\n . CAN-2003-0043: A malicious web application could read the contents\n of some files outside the web application via its web.xml file in\n spite of the presence of a security manager. The content of files\n that can be read as part of an XML document would be accessible.\n\n . CAN-2003-0044: A cross-site scripting vulnerability was discovered\n in the included sample web application that allows remote attackers\n to execute arbitrary script code.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.3a-4.1.\n\nThe old stable distribution (potato) does not contain tomcat packages.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 3.3.1a-1.\n\nWe recommend that you upgrade your tomcat package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.dsc\n Size/MD5 checksum: 714 1c34b1fdedf90ea10531ed12a8c6ae0b\n http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.diff.gz\n Size/MD5 checksum: 15146 c58c7edd2df1a806b510068ab7a9a04f\n http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a.orig.tar.gz\n Size/MD5 checksum: 2087545 2df39325c7293ee11ae5547281ca1077\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1_all.deb\n Size/MD5 checksum: 1196810 1ed6efa36586a8a3d3b527aeebbc4531\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb\n Size/MD5 checksum: 51522 1e11d6a43654fc6d921c8bc90ad15b4b\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2003-01-29T00:00:00", "published": "2003-01-29T00:00:00", "id": "DEBIAN:DSA-246-1:468CA", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00027.html", "title": "[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:09", "bulletinFamily": "scanner", "description": "The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome file is present. File contents can be returned as well.\n - CAN-2003-0043: A malicious web application could read the contents of some files outside the web application via its web.xml file in spite of the presence of a security manager. The content of files that can be read as part of an XML document would be accessible.\n\n - CAN-2003-0044: A cross-site scripting vulnerability was discovered in the included sample web application that allows remote attackers to execute arbitrary script code.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15083", "published": "2004-09-29T00:00:00", "title": "Debian DSA-246-1 : tomcat - information exposure, XSS", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-246. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15083);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\", \"CVE-2003-0044\");\n script_xref(name:\"DSA\", value:\"246\");\n\n script_name(english:\"Debian DSA-246-1 : tomcat - information exposure, XSS\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The developers of tomcat discovered several problems in tomcat version\n3.x. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CAN-2003-0042: A maliciously crafted request could\n return a directory listing even when an index.html,\n index.jsp, or other welcome file is present. File\n contents can be returned as well.\n - CAN-2003-0043: A malicious web application could read\n the contents of some files outside the web application\n via its web.xml file in spite of the presence of a\n security manager. The content of files that can be read\n as part of an XML document would be accessible.\n\n - CAN-2003-0044: A cross-site scripting vulnerability was\n discovered in the included sample web application that\n allows remote attackers to execute arbitrary script\n code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-246\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 3.3a-4woody.1.\n\n\nThe old stable distribution (potato) does not contain tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libapache-mod-jk\", reference:\"3.3a-4woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tomcat\", reference:\"3.3a-4woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:07:47", "bulletinFamily": "scanner", "description": "Apache Tomcat (prior to 3.3.1a) is affected by a directory listing and file disclosure vulnerability.\n\nBy requesting URLs containing a null character, remote attackers can list directories even when an index.html or other file is present or obtain unprocessed source code for a JSP file.\n\nAlso note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows files outside of the application directory to be accessed because 'web.xml' files are read with trusted privileges.", "modified": "2018-08-01T00:00:00", "id": "TOMCAT_DIRECTORY_LISTING_AND_FILE_DISCLOSURE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=11438", "published": "2003-03-22T00:00:00", "title": "Apache Tomcat Directory Listing and File Disclosure", "type": "nessus", "sourceData": "#\n# written by Bekrar Chaouki - A.D.Consulting <bekrar@adconsulting.fr>\n#\n# Apache Tomcat Directory listing and file disclosure Vulnerabilities\n#\n\n# Changes by Tenable:\n# - Revised plugin title (12/28/10)\n# - Added banner check to prevent potential false positives against non-Tomcat\n# servers. (6/11/2015)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11438);\n script_version (\"1.30\");\n script_cvs_date(\"Date: 2018/08/01 17:36:12\");\n \n script_cve_id(\"CVE-2003-0042\", \"CVE-2003-0043\");\n script_bugtraq_id(6721, 6722);\n \n script_name(english:\"Apache Tomcat Directory Listing and File Disclosure\");\n script_summary(english:\"Apache Tomcat Directory listing and File Disclosure Bugs\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Apache Tomcat (prior to 3.3.1a) is affected by a directory listing and\nfile disclosure vulnerability.\n\nBy requesting URLs containing a null character, remote attackers can\nlist directories even when an index.html or other file is present or\nobtain unprocessed source code for a JSP file.\n\nAlso note that, when deployed with JDK 1.3.1 or earlier, Tomcat allows\nfiles outside of the application directory to be accessed because\n'web.xml' files are read with trusted privileges.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.18 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2003/03/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 A.D.Consulting\");\n script_family(english:\"CGI abuses\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\n#\n# Start\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"global_settings.inc\");\n\nport = get_http_port(default:8080);\n\nif(!get_port_state(port))\n exit(0, \"Port \" + port + \" is not open.\");\n\n# Unless we're paranoid, make sure the banner looks like Tomcat.\nif (report_paranoia < 2)\n{\n banner = get_http_banner(port:port);\n if(banner && \"Tomcat\" >!< banner && \"Coyote\" >!< banner) exit(0, \"The web server banner on port \" + port + \" is not Tomcat.\");\n}\n\nres = http_get_cache(item:\"/\", port:port);\nif( res == NULL ) exit(0, \"The Tomcat install listening on port \" + port + \" is not affected.\");\n\nif((\"Index of /\" >< res)||(\"Directory Listing\" >< res))\n exit(0, \"The Tomcat install listening on port \" + port + \" is not affected.\");\n\nreq = str_replace(string:http_get(item:\"/<REPLACEME>.jsp\", port:port),\n\t find:\"<REPLACEME>\",\n\t\t replace:raw_string(0));\n\nres = http_keepalive_send_recv(port:port, data:req);\n\nif ( res == NULL )\n exit(0, \"The Tomcat install listening on port \" + port + \" is not affected.\");\n\nif((\"Index of /\" >< res)||(\"Directory Listing\" >< res))\n security_warning(port:port, extra:'By sending a malformed request, we could obtain the following listing:\\n' + res);\nelse\n exit(0, \"The Tomcat install listening on port \" + port + \" is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:14:04", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the instance of Apache Tomcat 3.x listening on the remote host is prior to 3.3.2, It is, therefore, affected by multiple vulnerabilities.\n\nUnspecified cross-site scripting vulnerabilities exist in the 'ROOT' and example applications shipped with this version of Tomcat.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "TOMCAT_3_3_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=50526", "published": "2010-11-09T00:00:00", "title": "Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50526);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2003-0044\", \"CVE-2007-3384\");\n script_bugtraq_id(6720, 25174);\n\n script_name(english:\"Apache Tomcat 3.x < 3.3.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 3.x listening on the remote host is prior to 3.3.2, It is,\ntherefore, affected by multiple vulnerabilities.\n\nUnspecified cross-site scripting vulnerabilities exist in the 'ROOT'\nand example applications shipped with this version of Tomcat.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-3.html#Fixed_in_Apache_Tomcat_3.3.2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Aug/19\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 3.3.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"tomcat_error_version.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_require_keys(\"installed_sw/Apache Tomcat\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"3.3.2\", min:\"3.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^3(\\.3)?$\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "description": "## Vulnerability Description\nJakarta Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is due to an error when using trusted privileges to process the web.xml file. This flaw may allow a remote attacker to use web.xml to read arbitrary files in the web server, resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 3.3.1a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nJakarta Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is due to an error when using trusted privileges to process the web.xml file. This flaw may allow a remote attacker to use web.xml to read arbitrary files in the web server, resulting in a loss of confidentiality.\n## References:\nVendor URL: http://tomcat.apache.org/\nOther Advisory URL: http://www.debian.org/security/2003/dsa-246\nOther Advisory URL: http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0932.1\nOther Advisory URL: http://www.securityfocus.com/advisories/5111\nISS X-Force ID: 11195\n[CVE-2003-0043](https://vulners.com/cve/CVE-2003-0043)\nBugtraq ID: 6722\n", "modified": "2003-01-25T00:00:00", "published": "2003-01-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12231", "id": "OSVDB:12231", "type": "osvdb", "title": "Apache Tomcat web.xml Arbitrary File Access", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\nJakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in \"ROOT\" application. No further description is available. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 3.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nJakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in \"ROOT\" application. No further description is available. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://tomcat.apache.org/\nVendor URL: http://jakarta.apache.org/\n[Vendor Specific Advisory URL](http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0932.1)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-246)\n[Related OSVDB ID: 9203](https://vulners.com/osvdb/OSVDB:9203)\nISS X-Force ID: 11196\n[CVE-2003-0044](https://vulners.com/cve/CVE-2003-0044)\nCIAC Advisory: n-060\nBugtraq ID: 6720\n", "modified": "2003-01-25T00:00:00", "published": "2003-01-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9204", "id": "OSVDB:9204", "title": "Apache Tomcat ROOT Application XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://tomcat.apache.org/\nISS X-Force ID: 11194\n[CVE-2003-0042](https://vulners.com/cve/CVE-2003-0042)\nCIAC Advisory: n-060\nBugtraq ID: 6721\n", "modified": "2003-01-25T00:00:00", "published": "2003-01-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12232", "id": "OSVDB:12232", "type": "osvdb", "title": "Apache Tomcat with JDK Arbitrary Directory/Source Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\nJakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in examples applications. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 3.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nJakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in examples applications. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://tomcat.apache.org/\nVendor URL: http://jakarta.apache.org/\n[Vendor Specific Advisory URL](http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0932.1)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-246)\n[Related OSVDB ID: 9204](https://vulners.com/osvdb/OSVDB:9204)\nISS X-Force ID: 11196\n[CVE-2003-0044](https://vulners.com/cve/CVE-2003-0044)\nCIAC Advisory: n-060\nBugtraq ID: 6720\n", "modified": "2003-01-25T00:00:00", "published": "2003-01-25T00:00:00", "id": "OSVDB:9203", "href": "https://vulners.com/osvdb/OSVDB:9203", "title": "Apache Tomcat examples Application XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T18:13:04", "bulletinFamily": "exploit", "description": "Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability. CVE-2003-0042 . Remote exploit for linux platform", "modified": "2003-01-26T00:00:00", "published": "2003-01-26T00:00:00", "id": "EDB-ID:22205", "href": "https://www.exploit-db.com/exploits/22205/", "type": "exploitdb", "title": "Apache Tomcat 3.x - Null Byte Directory/File Disclosure Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/6721/info\r\n\r\nApache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier.\r\n\r\nIt has been reported that remote attackers may view directory contents (even when an 'index.html' or other welcome file). It is also possible for remote attackers to disclose the contents of files.\r\n\r\nThis vulnerability is due to improper handling of null bytes (%00) and backslash ('\\') characters in requests for web resources.\r\n\r\nGET /<null byte>.jsp HTTP/1.0\r\n$ perl -e 'print \"GET /\\x00.jsp HTTP/1.0\\r\\n\\r\\n\";' | nc my.server 8080\r\n$ perl -e 'print \"GET /admin/WEB-INF\\\\classes/ContextAdmin.java\\x00.jsp HTTP/1.0\\r\\n\\r\\n\";'|nc my.server 8080\r\n$ perl -e 'print \"GET /examples/jsp/cal/cal1.jsp\\x00.html HTTP/1.0\\r\\n\\r\\n\";'|nc my.server 8080", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/22205/"}]}
