ID OPENVAS:871003 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2018-02-05T00:00:00
Description
Check for the Version of tomcat5
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for tomcat5 RHSA-2013:0870-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A flaw was found in the way the tomcat5 init script handled the
catalina.out log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root. (CVE-2013-1976)
Note: With this update, /var/log/tomcat5/catalina.out has been moved to the
/var/log/tomcat5-initd.log file.
Red Hat would like to thank Simon Fayer of Imperial College London for
reporting this issue.
Users of Tomcat are advised to upgrade to these updated packages, which
correct this issue. Tomcat must be restarted for this update to take
effect.";
tag_affected = "tomcat5 on Red Hat Enterprise Linux (v. 5 server)";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_id(871003);
script_version("$Revision: 8672 $");
script_tag(name:"last_modification", value:"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $");
script_tag(name:"creation_date", value:"2013-05-31 09:50:36 +0530 (Fri, 31 May 2013)");
script_cve_id("CVE-2013-1976");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_name("RedHat Update for tomcat5 RHSA-2013:0870-01");
script_xref(name: "RHSA", value: "2013:0870-01");
script_xref(name: "URL" , value: "https://www.redhat.com/archives/rhsa-announce/2013-May/msg00030.html");
script_tag(name: "summary" , value: "Check for the Version of tomcat5");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_5")
{
if ((res = isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-debuginfo", rpm:"tomcat5-debuginfo~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp", rpm:"tomcat5-jsp~2.0~api~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-jsp", rpm:"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet", rpm:"tomcat5-servlet~2.4~api~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-servlet", rpm:"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp.40.el5_9", rls:"RHENT_5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:871003", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for tomcat5 RHSA-2013:0870-01", "description": "Check for the Version of tomcat5", "published": "2013-05-31T00:00:00", "modified": "2018-02-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871003", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/rhsa-announce/2013-May/msg00030.html", "2013:0870-01"], "cvelist": ["CVE-2013-1976"], "lastseen": "2018-02-06T13:09:41", "viewCount": 2, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2018-02-06T13:09:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1976"]}, {"type": "seebug", "idList": ["SSV:60813"]}, {"type": "openvas", "idList": ["OPENVAS:881741", "OPENVAS:1361412562310881740", "OPENVAS:1361412562310871003", "OPENVAS:1361412562310871000", "OPENVAS:1361412562310123619", "OPENVAS:881740", "OPENVAS:1361412562310123618", "OPENVAS:1361412562310881741", "OPENVAS:871000", "OPENVAS:1361412562310120087"]}, {"type": "centos", "idList": ["CESA-2013:0869", "CESA-2013:0870"]}, {"type": "amazon", "idList": ["ALAS-2013-196"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0869", "ELSA-2013-0870"]}, {"type": "redhat", "idList": ["RHSA-2013:0872", "RHSA-2013:0870", "RHSA-2013:0871", "RHSA-2013:0869"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2013-0870.NASL", "REDHAT-RHSA-2013-0872.NASL", "SUSE_11_TOMCAT6-130802.NASL", "OPENSUSE-2013-632.NASL", "REDHAT-RHSA-2013-0870.NASL", "CENTOS_RHSA-2013-0869.NASL", "REDHAT-RHSA-2013-0871.NASL", "ORACLELINUX_ELSA-2013-0870.NASL", "SL_20130528_TOMCAT5_ON_SL5_X.NASL", "ALA_ALAS-2013-196.NASL"]}], "modified": "2018-02-06T13:09:41", "rev": 2}, "vulnersScore": 5.7}, "pluginID": "871003", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat5 RHSA-2013:0870-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat5 init script handled the\n catalina.out log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, /var/log/tomcat5/catalina.out has been moved to the\n /var/log/tomcat5-initd.log file.\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting this issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct this issue. Tomcat must be restarted for this update to take\n effect.\";\n\n\ntag_affected = \"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871003);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:36 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for tomcat5 RHSA-2013:0870-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0870-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00030.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp\", rpm:\"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet\", rpm:\"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:45:58", "description": "The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.", "edition": 3, "cvss3": {}, "published": "2013-07-09T17:55:00", "title": "CVE-2013-1976", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1976"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/a:redhat:jboss_enterprise_web_server:2.0.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/a:redhat:jboss_enterprise_web_server:1.0.2"], "id": "CVE-2013-1976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1976", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T17:53:18", "description": "BUGTRAQ ID: 60186\r\nCVE(CAN) ID: CVE-2013-1976\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u6e90JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat\u670d\u52a1\u4e2dinit\u811a\u672c\u5728\u7ba1\u7406Tomcat\u65e5\u5fd7\u6587\u4ef6\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u6216\u8005\u901a\u8fc7\u5bf9Tomcat\u65e5\u5fd7\u6587\u4ef6\u7684\u7b26\u53f7\u94fe\u63a5\u653b\u51fb\uff0c\u4ee5\u7279\u6743\u7cfb\u7edf\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nApache Group Tomcat\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://jakarta.apache.org/tomcat/index.html", "published": "2013-05-30T00:00:00", "type": "seebug", "title": "Apache Tomcat \u4e0d\u5b89\u5168\u4e34\u65f6\u6587\u4ef6\u5904\u7406\u6f0f\u6d1e(CVE-2013-1976)", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1976"], "modified": "2013-05-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60813", "id": "SSV:60813", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-03-17T23:01:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120087", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-196)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120087\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:08 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-196)\");\n script_tag(name:\"insight\", value:\"The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat6 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-196.html\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.37~1.1.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:59:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "description": "Oracle Linux Local Security Checks ELSA-2013-0870", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123618", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0870", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123618\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0870\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0870 - tomcat5 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0870\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0870.html\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T19:02:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310871003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871003", "type": "openvas", "title": "RedHat Update for tomcat5 RHSA-2013:0870-01", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871003\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:36 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for tomcat5 RHSA-2013:0870-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0870-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00030.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"tomcat5 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat5 init script handled the\n catalina.out log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, /var/log/tomcat5/catalina.out has been moved to the\n /var/log/tomcat5-initd.log file.\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting this issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct this issue. Tomcat must be restarted for this update to take\n effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-debuginfo\", rpm:\"tomcat5-debuginfo~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:51:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "description": "Check for the Version of tomcat5", "modified": "2017-07-10T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:881740", "href": "http://plugins.openvas.org/nasl.php?oid=881740", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2013:0870 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2013:0870 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat5 init script handled the\n catalina.out log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, /var/log/tomcat5/catalina.out has been moved to the\n /var/log/tomcat5-initd.log file.\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting this issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct this issue. Tomcat must be restarted for this update to take\n effect.\";\n\n\ntag_affected = \"tomcat5 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881740);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:25 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for tomcat5 CESA-2013:0870 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:0870\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-May/019748.html\");\n script_summary(\"Check for the Version of tomcat5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name for tomcat5-jsp\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name form tomcat5-servlet\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310881740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881740", "type": "openvas", "title": "CentOS Update for tomcat5 CESA-2013:0870 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat5 CESA-2013:0870 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881740\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:25 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for tomcat5 CESA-2013:0870 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:0870\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-May/019748.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat5'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tomcat5 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat5 init script handled the\n catalina.out log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, /var/log/tomcat5/catalina.out has been moved to the\n /var/log/tomcat5-initd.log file.\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting this issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct this issue. Tomcat must be restarted for this update to take\n effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat5\", rpm:\"tomcat5~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-admin-webapps\", rpm:\"tomcat5-admin-webapps~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-common-lib\", rpm:\"tomcat5-common-lib~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper\", rpm:\"tomcat5-jasper~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jasper-javadoc\", rpm:\"tomcat5-jasper-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name for tomcat5-jsp\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api\", rpm:\"tomcat5-jsp-2.0-api~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-jsp-2.0-api-javadoc\", rpm:\"tomcat5-jsp-2.0-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-server-lib\", rpm:\"tomcat5-server-lib~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name form tomcat5-servlet\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api\", rpm:\"tomcat5-servlet-2.4-api~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-servlet-2.4-api-javadoc\", rpm:\"tomcat5-servlet-2.4-api-javadoc~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat5-webapps\", rpm:\"tomcat5-webapps~5.5.23~0jpp.40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T19:00:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976", "CVE-2013-2051"], "description": "Oracle Linux Local Security Checks ELSA-2013-0869", "modified": "2020-03-13T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123619", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0869", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123619\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:21 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0869\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0869 - tomcat6 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0869\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0869.html\");\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~55.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:51:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "Check for the Version of tomcat6", "modified": "2017-07-10T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:881741", "href": "http://plugins.openvas.org/nasl.php?oid=881741", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2013:0869 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2013:0869 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory.\n\n It was found that the RHSA-2013:0623 update did not correctly fix\n CVE-2012-5887, a weakness in the Tomcat DIGEST authentication\n implementation. A remote attacker could use this flaw to perform replay\n attacks in some circumstances. Additionally, this problem also prevented\n users from being able to authenticate using DIGEST authentication.\n (CVE-2013-2051)\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting the CVE-2013-1976 issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct these issues. Tomcat must be restarted for this update to take\n effect.\";\n\n\ntag_affected = \"tomcat6 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881741);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:29 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0869 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:0869\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-May/019750.html\");\n script_summary(\"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-14T19:03:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310871000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871000", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2013:0869-01", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871000\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:18 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0869-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:0869-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00029.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory.\n\n It was found that the RHSA-2013:0623 update did not correctly fix\n CVE-2012-5887, a weakness in the Tomcat DIGEST authentication\n implementation. A remote attacker could use this flaw to perform replay\n attacks in some circumstances. Additionally, this problem also prevented\n users from being able to authenticate using DIGEST authentication.\n (CVE-2013-2051)\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting the CVE-2013-1976 issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct these issues. Tomcat must be restarted for this update to take\n effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:1361412562310881741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881741", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2013:0869 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tomcat6 CESA-2013:0869 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881741\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:51:29 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for tomcat6 CESA-2013:0869 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:0869\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-May/019750.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory.\n\n It was found that the RHSA-2013:0623 update did not correctly fix\n CVE-2012-5887, a weakness in the Tomcat DIGEST authentication\n implementation. A remote attacker could use this flaw to perform replay\n attacks in some circumstances. Additionally, this problem also prevented\n users from being able to authenticate using DIGEST authentication.\n (CVE-2013-2051)\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting the CVE-2013-1976 issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct these issues. Tomcat must be restarted for this update to take\n effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n ## Updated package name\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~55.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-18T11:09:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "Check for the Version of tomcat6", "modified": "2018-01-17T00:00:00", "published": "2013-05-31T00:00:00", "id": "OPENVAS:871000", "href": "http://plugins.openvas.org/nasl.php?oid=871000", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2013:0869-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tomcat6 RHSA-2013:0869-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\n Pages (JSP) technologies.\n\n A flaw was found in the way the tomcat6 init script handled the\n tomcat6-initd.log log file. A malicious web application deployed on Tomcat\n could use this flaw to perform a symbolic link attack to change the\n ownership of an arbitrary system file to that of the tomcat user, allowing\n them to escalate their privileges to root. (CVE-2013-1976)\n\n Note: With this update, tomcat6-initd.log has been moved from\n /var/log/tomcat6/ to the /var/log/ directory.\n\n It was found that the RHSA-2013:0623 update did not correctly fix\n CVE-2012-5887, a weakness in the Tomcat DIGEST authentication\n implementation. A remote attacker could use this flaw to perform replay\n attacks in some circumstances. Additionally, this problem also prevented\n users from being able to authenticate using DIGEST authentication.\n (CVE-2013-2051)\n\n Red Hat would like to thank Simon Fayer of Imperial College London for\n reporting the CVE-2013-1976 issue.\n\n Users of Tomcat are advised to upgrade to these updated packages, which\n correct these issues. Tomcat must be restarted for this update to take\n effect.\";\n\n\ntag_affected = \"tomcat6 on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871000);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-31 09:50:18 +0530 (Fri, 31 May 2013)\");\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\", \"CVE-2012-5887\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for tomcat6 RHSA-2013:0869-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:0869-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-May/msg00029.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of tomcat6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el\", rpm:\"tomcat6-el~2.1~api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp\", rpm:\"tomcat6-jsp~2.1~api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet\", rpm:\"tomcat6-servlet~2.5~api~6.0.24~55.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0870\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user, allowing\nthem to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved to the\n/var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages, which\ncorrect this issue. Tomcat must be restarted for this update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/031786.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0870.html", "edition": 3, "modified": "2013-05-28T18:47:52", "published": "2013-05-28T18:47:52", "href": "http://lists.centos.org/pipermail/centos-announce/2013-May/031786.html", "id": "CESA-2013:0870", "title": "tomcat5 security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:21", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0869\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 init script handled the\ntomcat6-initd.log log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user, allowing\nthem to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log has been moved from\n/var/log/tomcat6/ to the /var/log/ directory.\n\nIt was found that the RHSA-2013:0623 update did not correctly fix\nCVE-2012-5887, a weakness in the Tomcat DIGEST authentication\nimplementation. A remote attacker could use this flaw to perform replay\nattacks in some circumstances. Additionally, this problem also prevented\nusers from being able to authenticate using DIGEST authentication.\n(CVE-2013-2051)\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting the CVE-2013-1976 issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-May/031788.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0869.html", "edition": 3, "modified": "2013-05-29T08:25:00", "published": "2013-05-29T08:25:00", "href": "http://lists.centos.org/pipermail/centos-announce/2013-May/031788.html", "id": "CESA-2013:0869", "title": "tomcat6 security update", "type": "centos", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "**Issue Overview:**\n\nThe (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. \n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat6-admin-webapps-6.0.37-1.1.amzn1.noarch \n tomcat6-webapps-6.0.37-1.1.amzn1.noarch \n tomcat6-el-2.1-api-6.0.37-1.1.amzn1.noarch \n tomcat6-6.0.37-1.1.amzn1.noarch \n tomcat6-lib-6.0.37-1.1.amzn1.noarch \n tomcat6-servlet-2.5-api-6.0.37-1.1.amzn1.noarch \n tomcat6-javadoc-6.0.37-1.1.amzn1.noarch \n tomcat6-jsp-2.1-api-6.0.37-1.1.amzn1.noarch \n tomcat6-docs-webapp-6.0.37-1.1.amzn1.noarch \n \n src: \n tomcat6-6.0.37-1.1.amzn1.src \n \n \n", "edition": 4, "modified": "2013-06-11T22:44:00", "published": "2013-06-11T22:44:00", "id": "ALAS-2013-196", "href": "https://alas.aws.amazon.com/ALAS-2013-196.html", "title": "Important: tomcat6", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "[0:5.5.23-0jpp.40]\n- Related: CVE-2013-1976 It was found during additional testing\n- that the tomcat5 init may fail to start because the user\n- shell is set to sbin/nologin. Fixed in init scrip. SU now\n- uses -s /bin/sh during startup\n[0:5.5.23-0jpp.39]\n- Resolves: CVE-2013-1976 Improper TOMCAT_LOG management in\n- initscript. Change location of TOMCAT_LOG to /var/log so\n- only root can write to it. Touching TOMCAT_LOG is no longer\n- required during initscript startup. Permissions and ownership\n- changed to 0755 tomcat:root for logdir", "edition": 4, "modified": "2013-05-28T00:00:00", "published": "2013-05-28T00:00:00", "id": "ELSA-2013-0870", "href": "http://linux.oracle.com/errata/ELSA-2013-0870.html", "title": "tomcat5 security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3439", "CVE-2013-1976", "CVE-2013-2051"], "description": "[0:6.0.24-55]\n- Related: rhbz#955976 CVE-2013-1976. Changed log location\n- so only root can use it. Touching TOMCAT_LOG is no longer\n- required\n[0:6.0.24-54]\n- Resolves: rhbz#956771 Related: CVE-2012-3439 digest\n- authentication broken after errata for cve-2012-3439\n- patch for 3439 corrected\n[0:6.0.24-53]\n- Resolves: rhbz#955976 CVE-2013-1976 improper TOMCAT_LOG\n- management in init script", "edition": 4, "modified": "2013-05-28T00:00:00", "published": "2013-05-28T00:00:00", "id": "ELSA-2013-0869", "href": "http://linux.oracle.com/errata/ELSA-2013-0869.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:54", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 and tomcat7 init scripts handled\nthe tomcat6-initd.log and tomcat7-initd.log log files. A malicious web\napplication deployed on Tomcat could use this flaw to perform a symbolic\nlink attack to change the ownership of an arbitrary system file to that of\nthe tomcat user, allowing them to escalate their privileges to root.\n(CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log and tomcat7-initd.log have been\nmoved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthis issue. Tomcat must be restarted for this update to take effect.", "modified": "2018-08-09T19:46:59", "published": "2013-05-28T21:26:19", "id": "RHSA-2013:0871", "href": "https://access.redhat.com/errata/RHSA-2013:0871", "type": "redhat", "title": "(RHSA-2013:0871) Important: tomcat6 and tomcat7 security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:34", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user, allowing\nthem to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved to the\n/var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages, which\ncorrect this issue. Tomcat must be restarted for this update to take\neffect.\n", "modified": "2017-09-08T11:51:47", "published": "2013-05-28T04:00:00", "id": "RHSA-2013:0870", "href": "https://access.redhat.com/errata/RHSA-2013:0870", "type": "redhat", "title": "(RHSA-2013:0870) Important: tomcat5 security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1976"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 and tomcat6 init scripts handled\nthe tomcat5-initd.log and tomcat6-initd.log log files. A malicious web\napplication deployed on Tomcat could use this flaw to perform a symbolic\nlink attack to change the ownership of an arbitrary system file to that of\nthe tomcat user, allowing them to escalate their privileges to root.\n(CVE-2013-1976)\n\nNote: With this update, tomcat5-initd.log and tomcat6-initd.log have been\nmoved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles).\n\nUsers of Tomcat should upgrade to these updated packages, which resolve\nthis issue. Tomcat must be restarted for this update to take effect.\n", "modified": "2018-06-07T02:42:41", "published": "2013-05-28T04:00:00", "id": "RHSA-2013:0872", "href": "https://access.redhat.com/errata/RHSA-2013:0872", "type": "redhat", "title": "(RHSA-2013:0872) Important: tomcat5 and tomcat6 security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 init script handled the\ntomcat6-initd.log log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user, allowing\nthem to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log has been moved from\n/var/log/tomcat6/ to the /var/log/ directory.\n\nIt was found that the RHSA-2013:0623 update did not correctly fix\nCVE-2012-5887, a weakness in the Tomcat DIGEST authentication\nimplementation. A remote attacker could use this flaw to perform replay\nattacks in some circumstances. Additionally, this problem also prevented\nusers from being able to authenticate using DIGEST authentication.\n(CVE-2013-2051)\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting the CVE-2013-1976 issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages, which\ncorrect these issues. Tomcat must be restarted for this update to take\neffect.\n", "modified": "2018-06-06T20:24:23", "published": "2013-05-28T04:00:00", "id": "RHSA-2013:0869", "href": "https://access.redhat.com/errata/RHSA-2013:0869", "type": "redhat", "title": "(RHSA-2013:0869) Important: tomcat6 security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:28:45", "description": "Updated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.", "edition": 24, "published": "2013-05-30T00:00:00", "title": "CentOS 5 : tomcat5 (CESA-2013:0870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2013-05-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat5", "p-cpe:/a:centos:centos:tomcat5-webapps", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api", "p-cpe:/a:centos:centos:tomcat5-server-lib", "p-cpe:/a:centos:centos:tomcat5-admin-webapps", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api", "p-cpe:/a:centos:centos:tomcat5-jasper-javadoc", "p-cpe:/a:centos:centos:tomcat5-common-lib", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:centos:centos:tomcat5-jasper", "p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc"], "id": "CENTOS_RHSA-2013-0870.NASL", "href": "https://www.tenable.com/plugins/nessus/66675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0870 and \n# CentOS Errata and Security Advisory 2013:0870 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66675);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_bugtraq_id(60186);\n script_xref(name:\"RHSA\", value:\"2013:0870\");\n\n script_name(english:\"CentOS 5 : tomcat5 (CESA-2013:0870)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-May/019748.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69604f87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1976\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:35", "description": "Updated tomcat6 and tomcat7 packages that fix one security issue are\nnow available for JBoss Enterprise Web Server 2.0.0 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 and tomcat7 init scripts\nhandled the tomcat6-initd.log and tomcat7-initd.log log files. A\nmalicious web application deployed on Tomcat could use this flaw to\nperform a symbolic link attack to change the ownership of an arbitrary\nsystem file to that of the tomcat user, allowing them to escalate\ntheir privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log and tomcat7-initd.log have\nbeen moved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve this issue. Tomcat must be restarted for this update to take\neffect.", "edition": 24, "published": "2014-06-26T00:00:00", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0871)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2014-06-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-1.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api"], "id": "REDHAT-RHSA-2013-0871.NASL", "href": "https://www.tenable.com/plugins/nessus/76236", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0871. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76236);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_bugtraq_id(60186);\n script_xref(name:\"RHSA\", value:\"2013:0871\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0871)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 and tomcat7 packages that fix one security issue are\nnow available for JBoss Enterprise Web Server 2.0.0 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 and tomcat7 init scripts\nhandled the tomcat6-initd.log and tomcat7-initd.log log files. A\nmalicious web application deployed on Tomcat could use this flaw to\nperform a symbolic link attack to change the ownership of an arbitrary\nsystem file to that of the tomcat user, allowing them to escalate\ntheir privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log and tomcat7-initd.log have\nbeen moved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve this issue. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1976\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0871\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"mod_cluster\") || rpm_exists(release:\"RHEL6\", rpm:\"mod_cluster\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-1.0-api-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.35-12_patch_07.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-admin-webapps-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-docs-webapp-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-el-1.0-api-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-javadoc-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-jsp-2.2-api-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-lib-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-log4j-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-servlet-3.0-api-7.0.30-5_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-webapps-7.0.30-5_patch_03.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-1.0-api-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.35-33_patch_07.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-1.0-api-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.30-7_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.30-7_patch_03.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:59", "description": "From Red Hat Security Advisory 2013:0870 :\n\nUpdated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : tomcat5 (ELSA-2013-0870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat5-jasper", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api", "p-cpe:/a:oracle:linux:tomcat5", "p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:tomcat5-admin-webapps", "p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:oracle:linux:tomcat5-server-lib", "p-cpe:/a:oracle:linux:tomcat5-webapps", "p-cpe:/a:oracle:linux:tomcat5-common-lib", "p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api"], "id": "ORACLELINUX_ELSA-2013-0870.NASL", "href": "https://www.tenable.com/plugins/nessus/68828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0870 and \n# Oracle Linux Security Advisory ELSA-2013-0870 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68828);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_bugtraq_id(60186);\n script_xref(name:\"RHSA\", value:\"2013:0870\");\n\n script_name(english:\"Oracle Linux 5 : tomcat5 (ELSA-2013-0870)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0870 :\n\nUpdated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-May/003493.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:18:29", "description": "The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in\nthe RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2\nand 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to\nchange the ownership of arbitrary files via a symlink attack on (a)\ntomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d)\ntomcat7-initd.log.", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : tomcat6 (ALAS-2013-196)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-webapps", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api"], "id": "ALA_ALAS-2013-196.NASL", "href": "https://www.tenable.com/plugins/nessus/69754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-196.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69754);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_xref(name:\"ALAS\", value:\"2013-196\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2013-196)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in\nthe RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2\nand 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to\nchange the ownership of arbitrary files via a symlink attack on (a)\ntomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d)\ntomcat7-initd.log.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-196.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.37-1.1.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.37-1.1.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:35", "description": "Updated tomcat5 and tomcat6 packages that fix one security issue are\nnow available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 and tomcat6 init scripts\nhandled the tomcat5-initd.log and tomcat6-initd.log log files. A\nmalicious web application deployed on Tomcat could use this flaw to\nperform a symbolic link attack to change the ownership of an arbitrary\nsystem file to that of the tomcat user, allowing them to escalate\ntheir privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat5-initd.log and tomcat6-initd.log have\nbeen moved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve this issue. Tomcat must be restarted for this update to take\neffect.", "edition": 24, "published": "2013-05-30T00:00:00", "title": "RHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2013-05-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-parent", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api"], "id": "REDHAT-RHSA-2013-0872.NASL", "href": "https://www.tenable.com/plugins/nessus/66690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0872. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66690);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_xref(name:\"RHSA\", value:\"2013:0872\");\n\n script_name(english:\"RHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 and tomcat6 packages that fix one security issue are\nnow available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 and tomcat6 init scripts\nhandled the tomcat5-initd.log and tomcat6-initd.log log files. A\nmalicious web application deployed on Tomcat could use this flaw to\nperform a symbolic link attack to change the ownership of an arbitrary\nsystem file to that of the tomcat user, allowing them to escalate\ntheir privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat5-initd.log and tomcat6-initd.log have\nbeen moved to the /var/log/ directory.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nWarning: Before applying the update, back up your existing JBoss\nEnterprise Web Server installation (including all applications and\nconfiguration files).\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve this issue. Tomcat must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1976\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-eclipse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-1.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0872\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-admin-webapps-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-common-lib-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-eclipse-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jasper-javadoc-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-parent-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-server-lib-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat5-webapps-5.5.33-33_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-1.0-api-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.32-32_patch_09.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.32-32_patch_09.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-admin-webapps-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-common-lib-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-eclipse-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jasper-javadoc-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-parent-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-server-lib-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat5-webapps-5.5.33-36_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-1.0-api-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.32-35_patch_09.ep5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.32-35_patch_09.ep5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:37", "description": "A flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nTomcat must be restarted for this update to take effect.", "edition": 14, "published": "2013-05-29T00:00:00", "title": "Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2013-05-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper", "p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api", "p-cpe:/a:fermilab:scientific_linux:tomcat5", "p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc"], "id": "SL_20130528_TOMCAT5_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/66664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66664);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=2291\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddc5e362\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:35", "description": "Updated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.", "edition": 24, "published": "2013-05-29T00:00:00", "title": "RHEL 5 : tomcat5 (RHSA-2013:0870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1976"], "modified": "2013-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat5-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat5", "p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper", "p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api"], "id": "REDHAT-RHSA-2013-0870.NASL", "href": "https://www.tenable.com/plugins/nessus/66661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0870. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66661);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\");\n script_bugtraq_id(60186);\n script_xref(name:\"RHSA\", value:\"2013:0870\");\n\n script_name(english:\"RHEL 5 : tomcat5 (RHSA-2013:0870)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat5 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat5 init script handled the\ncatalina.out log file. A malicious web application deployed on Tomcat\ncould use this flaw to perform a symbolic link attack to change the\nownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, /var/log/tomcat5/catalina.out has been moved\nto the /var/log/tomcat5-initd.log file.\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting this issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct this issue. Tomcat must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1976\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-common-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jasper-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-jsp-2.0-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-servlet-2.4-api-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat5-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0870\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-common-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-debuginfo-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-server-lib-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tomcat5-webapps-5.5.23-0jpp.40.el5_9\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat5 / tomcat5-admin-webapps / tomcat5-common-lib / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:11", "description": "Tomcat was updated to fix two security issues: CVE-2013-1976: Avoid a\npotential symlink race during startup of the tomcat server, where a\nlocal attacker that gaine access to the tomcat chroot could escalate\nprivileges to root.\n\nCVE-2013-2071:\njava/org/apache/catalina/core/AsyncContextImpl.java in\nApache Tomcat 7.x did not properly handle the throwing of a\nRuntimeException in an AsyncListener in an application,\nwhich allows context-dependent attackers to obtain sensitive\nrequest information intended for other applications in\nopportunistic circumstances via an application that records\nthe requests that it processes.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2071", "CVE-2013-1976"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:tomcat-el-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-lib"], "id": "OPENSUSE-2013-632.NASL", "href": "https://www.tenable.com/plugins/nessus/75106", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-632.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75106);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2071\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1)\");\n script_summary(english:\"Check for the openSUSE-2013-632 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat was updated to fix two security issues: CVE-2013-1976: Avoid a\npotential symlink race during startup of the tomcat server, where a\nlocal attacker that gaine access to the tomcat chroot could escalate\nprivileges to root.\n\nCVE-2013-2071:\njava/org/apache/catalina/core/AsyncContextImpl.java in\nApache Tomcat 7.x did not properly handle the throwing of a\nRuntimeException in an AsyncListener in an application,\nwhich allows context-dependent attackers to obtain sensitive\nrequest information intended for other applications in\nopportunistic circumstances via an application that records\nthe requests that it processes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-admin-webapps-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-docs-webapp-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-el-2_2-api-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-javadoc-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-jsp-2_2-api-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-jsvc-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-lib-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-servlet-3_0-api-7.0.35-2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"tomcat-webapps-7.0.35-2.33.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:11", "description": "Tomcat was updated to fix security issues and bug: CVE-2013-1976:\nAvoid a potential symlink race during startup of the tomcat server,\nwhere a local attacker that gaine access to the tomcat chroot could\nescalate privileges to root.\n\nCVE-2013-2067:\njava/org/apache/catalina/authenticator/FormAuthenticator.java in the\nform authentication feature in Apache Tomcat did not properly handle\nthe relationships between authentication requirements and sessions,\nwhich allows remote attackers to inject a request into a session by\nsending this request during completion of the login form, a variant of\na session fixation attack.\n\nCVE-2012-3544: Tomcat were affected by a chunked transfer encoding\nextension size denial of service vulnerability.\n\nAlso the following bug was fixed :\n\n - Fix tomcat init scripts generating malformed classpath\n (http://youtrack.jetbrains.com/issue/JT-18545)\n bnc#804992", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3544", "CVE-2013-2067", "CVE-2013-1976"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-el-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api", "p-cpe:/a:novell:opensuse:tomcat-lib", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-633.NASL", "href": "https://www.tenable.com/plugins/nessus/75107", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-633.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75107);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-1976\", \"CVE-2013-2067\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1)\");\n script_summary(english:\"Check for the openSUSE-2013-633 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat was updated to fix security issues and bug: CVE-2013-1976:\nAvoid a potential symlink race during startup of the tomcat server,\nwhere a local attacker that gaine access to the tomcat chroot could\nescalate privileges to root.\n\nCVE-2013-2067:\njava/org/apache/catalina/authenticator/FormAuthenticator.java in the\nform authentication feature in Apache Tomcat did not properly handle\nthe relationships between authentication requirements and sessions,\nwhich allows remote attackers to inject a request into a session by\nsending this request during completion of the login form, a variant of\na session fixation attack.\n\nCVE-2012-3544: Tomcat were affected by a chunked transfer encoding\nextension size denial of service vulnerability.\n\nAlso the following bug was fixed :\n\n - Fix tomcat init scripts generating malformed classpath\n (http://youtrack.jetbrains.com/issue/JT-18545)\n bnc#804992\"\n );\n # http://youtrack.jetbrains.com/issue/JT-18545\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://youtrack.jetbrains.com/issue/JT-18545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=768772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=822177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-08/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-admin-webapps-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-docs-webapp-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-el-2_2-api-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-javadoc-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsp-2_2-api-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-jsvc-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-lib-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-servlet-3_0-api-7.0.27-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"tomcat-webapps-7.0.27-2.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:35", "description": "Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 init script handled the\ntomcat6-initd.log log file. A malicious web application deployed on\nTomcat could use this flaw to perform a symbolic link attack to change\nthe ownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log has been moved from\n/var/log/tomcat6/ to the /var/log/ directory.\n\nIt was found that the RHSA-2013:0623 update did not correctly fix\nCVE-2012-5887, a weakness in the Tomcat DIGEST authentication\nimplementation. A remote attacker could use this flaw to perform\nreplay attacks in some circumstances. Additionally, this problem also\nprevented users from being able to authenticate using DIGEST\nauthentication. (CVE-2013-2051)\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting the CVE-2013-1976 issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct these issues. Tomcat must be restarted for this update\nto take effect.", "edition": 25, "published": "2013-05-29T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2013:0869)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5887", "CVE-2013-1976", "CVE-2013-2051"], "modified": "2013-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api"], "id": "REDHAT-RHSA-2013-0869.NASL", "href": "https://www.tenable.com/plugins/nessus/66660", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0869. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66660);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1976\", \"CVE-2013-2051\");\n script_xref(name:\"RHSA\", value:\"2013:0869\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2013:0869)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nA flaw was found in the way the tomcat6 init script handled the\ntomcat6-initd.log log file. A malicious web application deployed on\nTomcat could use this flaw to perform a symbolic link attack to change\nthe ownership of an arbitrary system file to that of the tomcat user,\nallowing them to escalate their privileges to root. (CVE-2013-1976)\n\nNote: With this update, tomcat6-initd.log has been moved from\n/var/log/tomcat6/ to the /var/log/ directory.\n\nIt was found that the RHSA-2013:0623 update did not correctly fix\nCVE-2012-5887, a weakness in the Tomcat DIGEST authentication\nimplementation. A remote attacker could use this flaw to perform\nreplay attacks in some circumstances. Additionally, this problem also\nprevented users from being able to authenticate using DIGEST\nauthentication. (CVE-2013-2051)\n\nRed Hat would like to thank Simon Fayer of Imperial College London for\nreporting the CVE-2013-1976 issue.\n\nUsers of Tomcat are advised to upgrade to these updated packages,\nwhich correct these issues. Tomcat must be restarted for this update\nto take effect.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0623.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2051\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0869\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-55.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-55.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
