Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2017 Greenbone Networks GmbH http://greenbone.netOPENVAS:703787
HistoryFeb 13, 2017 - 12:00 a.m.

Debian Security Advisory DSA 3787-1 (tomcat7 - security update)

2017-02-1300:00:00
Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net
plugins.openvas.org
10

0.012 Low

EPSS

Percentile

83.8%

JSON

It was discovered that a programming
error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP
engine may result in denial of service via an infinite loop.

# OpenVAS Vulnerability Test
# $Id: deb_3787.nasl 8972 2018-02-28 07:02:10Z cfischer $
# Auto-generated from advisory DSA 3787-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703787);
    script_version("$Revision: 8972 $");
    script_cve_id("CVE-2017-6056");
    script_name("Debian Security Advisory DSA 3787-1 (tomcat7 - security update)");
    script_tag(name: "last_modification", value: "$Date: 2018-02-28 08:02:10 +0100 (Wed, 28 Feb 2018) $");
    script_tag(name: "creation_date", value: "2017-02-13 00:00:00 +0100 (Mon, 13 Feb 2017)");
    script_tag(name:"cvss_base", value:"5.0");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2017/dsa-3787.html");

    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "tomcat7 on Debian Linux");
    script_tag(name: "insight",   value: "Apache Tomcat implements the Java
Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems,
and provides a 'pure Java' HTTP web server environment for Java code to run.");
    script_tag(name: "solution",  value: "For the stable distribution (jessie),
this problem has been fixed in version 7.0.56-3+deb8u8.

We recommend that you upgrade your tomcat7 packages.");
    script_tag(name: "summary",   value: "It was discovered that a programming
error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP
engine may result in denial of service via an infinite loop.");
    script_tag(name: "vuldetect", value: "This check tests the installed software
version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libservlet3.0-java", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libservlet3.0-java-doc", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libtomcat7-java", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7-admin", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7-common", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7-docs", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7-examples", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"tomcat7-user", ver:"7.0.56-3+deb8u8", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Related

openvas 5
nessus 8
ibm 12
osv 3
debian 1
ubuntu 1
f5 1
cve 1
prion 1
debiancve 1
veracode 1
ubuntucve 1
redhat 5
oracle 1
openvas
openvas
Debian LTS: Security Advisory for tomcat7 (DLA-823-2)
2018-01-05 00:00:00
Debian Security Advisory DSA 3788-1 (tomcat8 - security update)
2017-02-13 00:00:00
Debian Security Advisory DSA 3788-1 (tomcat8 - security update)
2017-02-13 00:00:00
nessus
nessus
Debian DLA-823-2 : tomcat7 regression update
2017-02-15 00:00:00
Ubuntu 14.04 LTS : Tomcat vulnerability (USN-3204-1)
2017-02-21 00:00:00
Debian DSA-3788-1 : tomcat8 - security update
2017-02-14 00:00:00
ibm
ibm
Security Bulletin: A Vulnerability in Apache Tomcat affects the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Security vulnerability has been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-6056)
2018-06-17 05:22:34
Security Bulletin: Security vulnerability has been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2017-6056)
2018-06-17 05:22:34
osv
osv
tomcat7 - security update
2017-02-14 00:00:00
tomcat8 - security update
2017-02-13 00:00:00
tomcat7 - security update
2017-02-13 00:00:00
debian
debian
[SECURITY] [DLA 823-2] tomcat7 regression update
2017-02-22 19:52:46
ubuntu
ubuntu
Tomcat vulnerability
2017-02-20 00:00:00
f5
f5
K37337112 : Apache Tomcat vulnerability CVE-2017-6056
2017-03-06 00:00:00
cve
cve
CVE-2017-6056
2017-02-17 07:59:00
prion
prion
Design/Logic Flaw
2017-02-17 07:59:00
debiancve
debiancve
CVE-2017-6056
2017-02-17 07:59:00
veracode
veracode
Denial Of Service (DoS) Via Infinite Loop
2017-02-22 02:23:40
ubuntucve
ubuntucve
CVE-2017-6056
2017-02-13 00:00:00
redhat
redhat
(RHSA-2017:0828) Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 7
2017-03-22 16:22:03
(RHSA-2017:0827) Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 6
2017-03-22 16:21:44
(RHSA-2017:0826) Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 5
2017-03-22 16:21:24
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00

0.012 Low

EPSS

Percentile

83.8%

JSON
Related for OPENVAS:703787
openvas5nessus8ibm12osv3debian1ubuntu1f51cve1prion1debiancve1veracode1ubuntucve1redhat5oracle1