A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Processor could be used for concurrent requests. Sharing a Processor
can result in information leakage between requests including, not
limited to, session ID and the response body.
In addition this update also addresses a regression when running
Tomcat 7 with SecurityManager enabled due to an incomplete fix for
[CVE-2016-6816](https://security-tracker.debian.org/tracker/CVE-2016-6816).
For Debian 7 Wheezy, these problems have been fixed in version
7.0.28-4+deb7u9.
We recommend that you upgrade your tomcat7 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
{"openvas": [{"lastseen": "2020-02-20T18:45:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171081", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1081\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1081\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1081 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T18:46:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171082", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1082\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1082)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1082\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1082 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:36:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2017:0935-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871795", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871795\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:32:25 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat RHSA-2017:0935-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\n the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0935-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-April/msg00026.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:46:22", "description": "Check the version of tomcat6", "cvss3": {}, "published": "2017-03-18T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat6 CESA-2017:0527 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882682", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882682", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882682\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 06:37:15 +0100 (Sat, 18 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat6 CESA-2017:0527 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0527\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-admin-webapps\", rpm:\"tomcat6-admin-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-docs-webapp\", rpm:\"tomcat6-docs-webapp~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-javadoc\", rpm:\"tomcat6-javadoc~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-webapps\", rpm:\"tomcat6-webapps~6.0.24~105.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:41:56", "description": "Check the version of tomcat", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "openvas", "title": "CentOS Update for tomcat CESA-2017:0935 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310882690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882690", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882690\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:11 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for tomcat CESA-2017:0935 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of tomcat\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0935\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2017:0527-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871773", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871773\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 05:49:35 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2017:0527-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0527-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-23T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-376ae2b92c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2017-376ae2b92c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872399\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-23 05:08:34 +0100 (Thu, 23 Feb 2017)\");\n script_cve_id(\"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-376ae2b92c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-376ae2b92c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIYQ6WYU54TMBVP4TAW6TRG6NKARY4JW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.41~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-09-04T14:22:36", "description": "It was discovered that incorrect error\nhandling in the NIO HTTP connector of the Tomcat servlet and JSP engine could\nresult in information disclosure.", "cvss3": {}, "published": "2017-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3755-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703755", "href": "http://plugins.openvas.org/nasl.php?oid=703755", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3755.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3755-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703755);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-8745\");\n script_name(\"Debian Security Advisory DSA 3755-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-08 00:00:00 +0100 (Sun, 08 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3755.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 8.0.14-1+deb8u6.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.5.9-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.5.9-1.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that incorrect error\nhandling in the NIO HTTP connector of the Tomcat servlet and JSP engine could\nresult in information disclosure.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.9-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-03-05T18:35:57", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811296", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811296\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-8745\");\n script_bugtraq_id(94828);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 12:49:43 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error handling of the\n send file code for the NIO HTTP connector in Apache Tomcat resulting in the\n current Processor object being added to the Processor cache multiple times.\n This in turn means that the same Processor could be used for concurrent requests.\n Sharing a Processor can result in information leakage between requests including,\n not not limited to, session ID and the response body.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M13,\n Apache Tomcat versions 8.5.0 to 8.5.8,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.39,\n Apache Tomcat versions 7.0.0 to 7.0.73, and\n Apache Tomcat versions 6.0.16 to 6.0.48 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M15\n or 8.5.9 or 8.0.41 or 7.0.75 or 6.0.50 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=60409\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.41\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.50\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if((revcomp(a: appVer, b: \"6.0.50\") < 0) &&\n (revcomp(a: appVer, b: \"6.0.16\") >= 0)){\n fix = \"6.0.50\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.75\") < 0){\n fix = \"7.0.75\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.9\") < 0){\n fix = \"8.5.9\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.41\") < 0){\n fix = \"8.0.41\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M15\") < 0){\n fix = \"9.0.0.M15\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-05T18:42:26", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-08-11T00:00:00", "type": "openvas", "title": "Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310811701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811701\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-8745\");\n script_bugtraq_id(94828);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-11 16:00:03 +0530 (Fri, 11 Aug 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error handling of the\n send file code for the NIO HTTP connector in Apache Tomcat resulting in the\n current Processor object being added to the Processor cache multiple times.\n This in turn means that the same Processor could be used for concurrent requests.\n Sharing a Processor can result in information leakage between requests including,\n not not limited to, session ID and the response body.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M13,\n Apache Tomcat versions 8.5.0 to 8.5.8,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.39,\n Apache Tomcat versions 7.0.0 to 7.0.73, and\n Apache Tomcat versions 6.0.16 to 6.0.48 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache Tomcat version 9.0.0.M15\n or 8.5.9 or 8.0.41 or 7.0.75 or 6.0.50 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=60409\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.41\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9\");\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.50\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^6\\.\")\n{\n if((revcomp(a: appVer, b: \"6.0.50\") < 0) &&\n (revcomp(a: appVer, b: \"6.0.16\") >= 0)){\n fix = \"6.0.50\";\n }\n}\n\nelse if(appVer =~ \"^7\\.\")\n{\n if(revcomp(a: appVer, b: \"7.0.75\") < 0){\n fix = \"7.0.75\";\n }\n}\n\nelse if(appVer =~ \"^8\\.5\\.\")\n{\n if(revcomp(a: appVer, b: \"8.5.9\") < 0){\n fix = \"8.5.9\";\n }\n}\n\nelse if(appVer =~ \"^8\\.\")\n{\n if(revcomp(a: appVer, b: \"8.0.41\") < 0){\n fix = \"8.0.41\";\n }\n}\n\nelse if(appVer =~ \"^9\\.\")\n{\n if(revcomp(a: appVer, b: \"9.0.0.M15\") < 0){\n fix = \"9.0.0.M15\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-09-04T14:22:14", "description": "It was discovered that incorrect\nerror handling in the NIO HTTP connector of the Tomcat servlet and JSP engine\ncould result in information disclosure.", "cvss3": {}, "published": "2017-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3754-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2017-08-31T00:00:00", "id": "OPENVAS:703754", "href": "http://plugins.openvas.org/nasl.php?oid=703754", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3754.nasl 7026 2017-08-31 06:13:04Z asteins $\n# Auto-generated from advisory DSA 3754-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703754);\n script_version(\"$Revision: 7026 $\");\n script_cve_id(\"CVE-2016-8745\");\n script_name(\"Debian Security Advisory DSA 3754-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-31 08:13:04 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-01-08 00:00:00 +0100 (Sun, 08 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3754.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Sun Microsystems,\nand provides a 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 7.0.56-3+deb8u7.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"It was discovered that incorrect\nerror handling in the NIO HTTP connector of the Tomcat servlet and JSP engine\ncould result in information disclosure.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u7\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:33:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-02T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2017-19c5440abe", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2017-19c5440abe\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872428\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-02 05:57:29 +0100 (Thu, 02 Mar 2017)\");\n script_cve_id(\"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2017-19c5440abe\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-19c5440abe\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRWTBQBY4PA72E4QQYXHFD6XTYM73JGF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.41~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:02", "description": "It was discovered that incorrect\nerror handling in the NIO HTTP connector of the Tomcat servlet and JSP engine\ncould result in information disclosure.", "cvss3": {}, "published": "2017-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3754-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703754", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3754.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3754-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703754\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-8745\");\n script_name(\"Debian Security Advisory DSA 3754-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-08 00:00:00 +0100 (Sun, 08 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3754.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 7.0.56-3+deb8u7.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that incorrect\nerror handling in the NIO HTTP connector of the Tomcat servlet and JSP engine\ncould result in information disclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:08", "description": "It was discovered that incorrect error\nhandling in the NIO HTTP connector of the Tomcat servlet and JSP engine could\nresult in information disclosure.", "cvss3": {}, "published": "2017-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3755-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703755", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3755.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3755-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703755\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2016-8745\");\n script_name(\"Debian Security Advisory DSA 3755-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-08 00:00:00 +0100 (Sun, 08 Jan 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3755.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 8.0.14-1+deb8u6.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 8.5.9-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.5.9-1.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that incorrect error\nhandling in the NIO HTTP connector of the Tomcat servlet and JSP engine could\nresult in information disclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.9-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-05T18:32:21", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_win.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810717\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:05:36 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-12T17:07:24", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310810730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810730\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-04 14:36:33 +0530 (Tue, 04 Apr 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/http/detected\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!tomPort = get_app_port(cpe:CPE, service:\"www\"))\n exit(0);\n\nif(!dir = get_app_location(cpe:CPE, port:tomPort))\n exit(0);\n\nurl = dir + \"/?{{%25}}cake\\=1\";\n\n## Response will be Apache tomcat front page something like\n## https://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg\nif(http_vuln_check(port:tomPort, url:url, check_header:TRUE,\n pattern:'Apache Software Foundation', extra_check:make_list('tomcat.apache.org<',\n '\"Powered by Tomcat\"', 'tomcat.gif', 'tomcat-power.gif')))\n{\n report = http_report_vuln_url( port:tomPort, url:url );\n security_message(port:tomPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:39:50", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_lin.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810718\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:27:12 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:26:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-05-16T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2017:1292-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851553", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851553\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 06:53:12 +0200 (Tue, 16 May 2017)\");\n script_cve_id(\"CVE-2016-8745\", \"CVE-2017-5647\", \"CVE-2017-5648\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2017:1292-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n - CVE-2017-5647 Pipelined requests could lead to information disclosure\n (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain listener leading to\n information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could lead to\n information disclosure (bsc#1015119)\n\n This update was imported from the SUSE:SLE-12-SP1:Update and\n SUSE:SLE-12-SP2:Update update projects.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1292-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.43~6.7.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.43~17.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-9c33466fbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872150", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872150", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-9c33466fbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872150\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:12 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-9c33466fbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PENNFBRKLWKJB57BLHAVVE7N7SNJZAAG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-a98c560116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-a98c560116\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872157\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:55 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-a98c560116\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF4TZRB2ZZISKBSEVHSMDJFYA36MOY2B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2016-98cca07999", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872149", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2016-98cca07999\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872149\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:03:10 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2016-98cca07999\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GROU4JPVEOMXRKCZLSWVE36HA3PSXAEP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.39~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat8 USN-3177-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat8 USN-3177-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843024\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-24 10:19:27 +0100 (Tue, 24 Jan 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat8 USN-3177-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.37-1ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.32-1ubuntu1.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for tomcat7 USN-3177-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6796", "CVE-2016-8745", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5388", "CVE-2016-5018", "CVE-2016-9775", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tomcat7 USN-3177-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843035\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 05:48:02 +0100 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\",\n\t\t\"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\",\n\t\t\"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tomcat7 USN-3177-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3177-1 fixed vulnerabilities in Tomcat.\n The update introduced a regression in environments where Tomcat is started with\n a security manager. This update fixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that the Tomcat realm implementations incorrectly handled\npasswords when a username didn't exist. A remote attacker could possibly\nuse this issue to enumerate usernames. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-0762)\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\nIt was discovered that Tomcat did not protect applications from untrusted\ndata in the HTTP_PROXY environment variable. A remote attacker could\npossibly use this issue to redirect outbound traffic to an arbitrary proxy\nserver. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\nIt was discovered that Tomcat incorrectly controlled certain configuration\nparameters. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\nIt was discovered that Tomcat incorrectly limited access to global JNDI\nresources. A malicious application could use this to access any global JNDI\nresource without an explicit ResourceLink. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid\ncharacters from the HTTP request line. A remote attacker could possibly\nuse this issue to inject data into HTTP responses. (CVE-2016-6816)\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\nimplement a recommended fix. A remote attacker could possibly use this\nissue to execute arbitrary code. (CVE-2016-8735)\nIt was discovered that Tomcat incorrectly handled error handling in the\nsend file code. A remote attacker could possibly use this issue to access\ninformation from other requests. (CVE-2016-8745)\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades\nand removals. A local attacker could possibly use this issue to obtain\nroot privileges. (CVE-2016-9774, CVE-2016-9775)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3177-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3177-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.52-1ubuntu0.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libtomcat6-java\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"tomcat6\", ver:\"6.0.35-1ubuntu3.10\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:48", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703738\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat7 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703739\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tomcat8 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name:\"summary\", value:\"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:27", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3738-1 (tomcat7 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703738", "href": "http://plugins.openvas.org/nasl.php?oid=703738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3738.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3738-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703738);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3738-1 (tomcat7 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3738.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat7 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and\nprovides a 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 7.0.56-3+deb8u6.\n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.72-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:02", "description": "Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-18T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3739-1 (tomcat8 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9774", "CVE-2016-6816", "CVE-2016-9775", "CVE-2016-8735"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703739", "href": "http://plugins.openvas.org/nasl.php?oid=703739", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3739.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3739-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703739);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_name(\"Debian Security Advisory DSA 3739-1 (tomcat8 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-18 00:00:00 +0100 (Sun, 18 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3739.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tomcat8 on Debian Linux\");\n script_tag(name: \"insight\", value: \"Apache Tomcat implements the Java\nServlet and the JavaServer Pages (JSP) specifications from Oracle, and provides\na 'pure Java' HTTP web server environment for Java code to run.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 8.0.14-1+deb8u5.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems have\nbeen fixed in version 8.5.8-2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n script_tag(name: \"summary\", value: \"Multiple security vulnerabilities were\ndiscovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific\nmaintainer scripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.0.14-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.8-2\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:36:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851455", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851455\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-14 05:55:01 +0100 (Wed, 14 Dec 2016)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3129-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for Tomcat provides the following fixes:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bugs fixed:\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter().\n (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the\n context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the referenced documentation. (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3129-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.32~11.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6796", "CVE-2016-0762", "CVE-2016-6816", "CVE-2016-5018", "CVE-2016-8735", "CVE-2016-6794", "CVE-2016-6797"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851503", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851503\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:16:02 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\",\n \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2016:3144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n Feature changes:\n\n The embedded Apache Commons DBCP component was updated to version 2.0.\n (bsc#1010893 fate#321029)\n\n Security fixes:\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting\n invalid character in HTTP requests (bsc#1011812)\n\n Bug fixes:\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv'\n script' in the linked documentation. (bsc#1002639)\n\n This update supplies the new packages apache-commons-pool2 and\n apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\n interface.\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"tomcat on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n\n script_xref(name:\"URL\", value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp\", rpm:\"apache-commons-dbcp~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-dbcp-javadoc\", rpm:\"apache-commons-dbcp-javadoc~2.1.1~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2\", rpm:\"apache-commons-pool2~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache-commons-pool2-javadoc\", rpm:\"apache-commons-pool2-javadoc~2.4.2~2.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3_1-api\", rpm:\"tomcat-servlet-3_1-api~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~8.0.36~4.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:42:26", "description": "**CentOS Errata and Security Advisory** CESA-2017:0935\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. \n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-April/071859.html\n\n**Affected packages:**\ntomcat\ntomcat-admin-webapps\ntomcat-docs-webapp\ntomcat-el-2.2-api\ntomcat-javadoc\ntomcat-jsp-2.2-api\ntomcat-jsvc\ntomcat-lib\ntomcat-servlet-3.0-api\ntomcat-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:0935", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-13T11:00:11", "type": "centos", "title": "tomcat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2017-04-13T11:00:11", "id": "CESA-2017:0935", "href": "https://lists.centos.org/pipermail/centos-announce/2017-April/071859.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-01T04:42:30", "description": "**CentOS Errata and Security Advisory** CESA-2017:0527\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. \n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-March/071817.html\n\n**Affected packages:**\ntomcat6\ntomcat6-admin-webapps\ntomcat6-docs-webapp\ntomcat6-el-2.1-api\ntomcat6-javadoc\ntomcat6-jsp-2.1-api\ntomcat6-lib\ntomcat6-servlet-2.5-api\ntomcat6-webapps\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:0527", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-17T14:19:39", "type": "centos", "title": "tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2017-03-17T14:19:39", "id": "CESA-2017:0527", "href": "https://lists.centos.org/pipermail/centos-announce/2017-March/071817.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-31T14:21:47", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935 and \n# CentOS Errata and Security Advisory 2017:0935 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99384);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2017:0935)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f9e6646\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:23:52", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/99947", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99947);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1081)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?486df412\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:21:47", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat", "p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc", "p-cpe:/a:fermilab:scientific_linux:tomcat-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api", "p-cpe:/a:fermilab:scientific_linux:tomcat-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170412_TOMCAT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/99353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99353);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=8502\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0863e9c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:21:47", "description": "From Red Hat Security Advisory 2017:0935 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0935 and \n# Oracle Linux Security Advisory ELSA-2017-0935 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99334);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2017-0935)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0935 :\n\nAn update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-April/006831.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:20:57", "description": "From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# Oracle Linux Security Advisory ELSA-2017-0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97765);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2017-0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0527 :\n\nAn update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-March/006786.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:20:57", "description": "Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97770);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20170315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=8501\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc04edf8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:21:11", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-20T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527 and \n# CentOS Errata and Security Advisory 2017:0527 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97795);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2017:0527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022342.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c36d97ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:26:06", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/101450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101450);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0935.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf47d5ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11.vl7\",\n \"tomcat-admin-webapps-7.0.69-11.vl7\",\n \"tomcat-docs-webapp-7.0.69-11.vl7\",\n \"tomcat-el-2.2-api-7.0.69-11.vl7\",\n \"tomcat-javadoc-7.0.69-11.vl7\",\n \"tomcat-jsp-2.2-api-7.0.69-11.vl7\",\n \"tomcat-jsvc-7.0.69-11.vl7\",\n \"tomcat-lib-7.0.69-11.vl7\",\n \"tomcat-servlet-3.0-api-7.0.69-11.vl7\",\n \"tomcat-webapps-7.0.69-11.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:25:28", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat6", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/101438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101438);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0527.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9920be2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0527\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 / tomcat6-admin-webapps / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat6-6.0.24-105.vl6\",\n \"tomcat6-admin-webapps-6.0.24-105.vl6\",\n \"tomcat6-docs-webapp-6.0.24-105.vl6\",\n \"tomcat6-el-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-javadoc-6.0.24-105.vl6\",\n \"tomcat6-jsp-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-lib-6.0.24-105.vl6\",\n \"tomcat6-servlet-2.5-api-6.0.24-105.vl6\",\n \"tomcat6-webapps-6.0.24-105.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T14:50:26", "description": "It was discovered that the code that parsed the HTTP request line permitted\n\ninvalid characters. This could be exploited, in conjunction with a proxy that\n\nalso permitted the invalid characters but with a different interpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response the\n\nattacker could poison a web-cache, perform an XSS attack, or obtain sensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when\n\nrequest contains characters that are not permitted by the HTTP specification to\n\nappear not encoded, even though they were previously accepted. The newly\n\nintroduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and the pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs without being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO\n\nHTTP connector. This led to the current Processor object being added to the\n\nProcessor cache multiple times allowing information leakage between requests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2017-810)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-810.NASL", "href": "https://www.tenable.com/plugins/nessus/99037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-810.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99037);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"ALAS\", value:\"2017-810\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2017-810)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the code that parsed the HTTP request line\npermitted\n\ninvalid characters. This could be exploited, in conjunction with a\nproxy that\n\nalso permitted the invalid characters but with a different\ninterpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response\nthe\n\nattacker could poison a web-cache, perform an XSS attack, or obtain\nsensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when\n\nrequest contains characters that are not permitted by the HTTP\nspecification to\n\nappear not encoded, even though they were previously accepted. The\nnewly\n\nintroduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and\nthe pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs\nwithout being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO\n\nHTTP connector. This led to the current Processor object being added\nto the\n\nProcessor cache multiple times allowing information leakage between\nrequests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-810.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.51-1.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:17:38", "description": "A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-11T00:00:00", "type": "nessus", "title": "Debian DLA-779-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-779.NASL", "href": "https://www.tenable.com/plugins/nessus/96396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-779-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96396);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n\n script_name(english:\"Debian DLA-779-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\nCVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:22:53", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99348);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2017:0935)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0935\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:23:25", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1082.NASL", "href": "https://www.tenable.com/plugins/nessus/99948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99948);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f998546\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-31T14:21:27", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97767);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2017:0527)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:29:05", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.75. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.\n\nNote that Nessus Network Monitor has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.75 NIO HTTP Connector Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2019-05-13T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700671.PASL", "href": "https://www.tenable.com/plugins/nnm/700671", "sourceData": "Binary data 700671.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-17T23:24:41", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.75. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.\n\nNote that Nessus Network Monitor has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.50 NIO HTTP Connector Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2019-05-10T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "700669.PASL", "href": "https://www.tenable.com/plugins/nnm/700669", "sourceData": "Binary data 700669.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:05:15", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.0.x prior to 8.0.41. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.\n\nNote that Nessus Network Monitor has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.0.x < 8.0.41 NIO HTTP Connector Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2019-05-10T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "700683.PASL", "href": "https://www.tenable.com/plugins/nnm/700683", "sourceData": "Binary data 700683.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:19:27", "description": "A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-796.NASL", "href": "https://www.tenable.com/plugins/nessus/97146", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-796.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97146);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_xref(name:\"ALAS\", value:\"2017-796\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-796)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not not\nlimited to, session ID and the response body.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-796.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update tomcat7' to update your system.\n\nRun 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.75-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.41-1.69.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.41-1.69.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:17:58", "description": "It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "Debian DSA-3755-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3755.NASL", "href": "https://www.tenable.com/plugins/nessus/96345", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3755. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96345);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_xref(name:\"DSA\", value:\"3755\");\n\n script_name(english:\"Debian DSA-3755-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that incorrect error handling in the NIO HTTP\nconnector of the Tomcat servlet and JSP engine could result in\ninformation disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3755\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:17:58", "description": "The Apache Software Foundation reports :\n\nImportant: Information Disclosure CVE-2016-8745", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- information disclosure vulnerability (e5ec2767-d529-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E5EC2767D52911E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96372);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8745\");\n\n script_name(english:\"FreeBSD : tomcat -- information disclosure vulnerability (e5ec2767-d529-11e6-ae1b-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Software Foundation reports :\n\nImportant: Information Disclosure CVE-2016-8745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40\"\n );\n # https://vuxml.freebsd.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ac12fe7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.49\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.74\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.40\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:17:39", "description": "It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "Debian DSA-3754-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3754.NASL", "href": "https://www.tenable.com/plugins/nessus/96344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3754. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96344);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_xref(name:\"DSA\", value:\"3754\");\n\n script_name(english:\"Debian DSA-3754-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that incorrect error handling in the NIO HTTP\nconnector of the Tomcat servlet and JSP engine could result in\ninformation disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3754\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-02T14:48:56", "description": "Security fix for CVE-2016-8745\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-23T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2017-376ae2b92c)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-376AE2B92C.NASL", "href": "https://www.tenable.com/plugins/nessus/97337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-376ae2b92c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97337);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_xref(name:\"FEDORA\", value:\"2017-376ae2b92c\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2017-376ae2b92c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-8745\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-376ae2b92c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.41-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:20:44", "description": "Security fix for CVE-2016-8745\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-02T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2017-19c5440abe)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-19C5440ABE.NASL", "href": "https://www.tenable.com/plugins/nessus/97481", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-19c5440abe.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97481);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_xref(name:\"FEDORA\", value:\"2017-19c5440abe\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2017-19c5440abe)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-8745\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-19c5440abe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.41-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-01T16:39:44", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or 9.0.x prior to 9.0.0.M15. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.\n\nNote that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_9.NASL", "href": "https://www.tenable.com/plugins/nessus/96003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96003);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n script_bugtraq_id(94828);\n\n script_name(english:\"Apache Tomcat 6.0.16 < 6.0.50 / 7.0.x < 7.0.75 / 8.0.x < 8.0.41 / 8.5.x < 8.5.9 / 9.0.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by an information\ndisclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x\nprior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or \n9.0.x prior to 9.0.0.M15. It is therefore, affected by an information \ndisclosure vulnerability in error handling during send file processing \nby the NIO HTTP connector, in which an error can cause the current \nProcessor object to be added to the Processor cache multiple times. \nThis allows the same Processor to be used for concurrent requests. \nAn unauthenticated, remote attacker can exploit this issue, via a \nshared Processor, to disclose sensitive information, such as session \nIDs, response bodies related to another request, etc.\n\nNote that Nessus has not attempted to exploit this issue but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a06fd01\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.41\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.75\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.50 / 7.0.75 / 8.0.41 / 8.5.9 / \n9.0.0.M15 or later. For the 6.0.x version branch, the vulnerability \nwas fixed in 6.0.49; however, that release candidate was not approved, \nand 6.0.50 is still pending release.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\ntomcat_check_version(fixed:make_list(\"6.0.50\", \"7.0.75\", \"8.0.41\", \"8.5.9\", \"9.0.0.M15\"), severity:SECURITY_WARNING, granularity_regex:\"^(6(\\.0)?(\\.([0-9]|[0-1][0-5]))?|7(\\.0)?|8(\\.(0|5))?|9(\\.0)?)$\");\n\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-17T15:20:18", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.9, or 9.0.x prior to 9.0.0.M15. It is therefore, affected by an information disclosure vulnerability in error handling during send file processing by the NIO HTTP connector, in which an error can cause the current Processor object to be added to the Processor cache multiple times. This allows the same Processor to be used for concurrent requests. An unauthenticated, remote attacker can exploit this issue, via a shared Processor, to disclose sensitive information, such as session IDs, response bodies related to another request, etc.\n\nNote that Nessus Network Monitor has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-01-25T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.9 / 9.x < 9.0.0.M15 NIO HTTP Connector Information Disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9909.PASL", "href": "https://www.tenable.com/plugins/nnm/9909", "sourceData": "Binary data 9909.pasl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-31T14:19:54", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n(CVE-2016-6816)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2017-02-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL50116122.NASL", "href": "https://www.tenable.com/plugins/nessus/97423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K50116122.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97423);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2016-6816\");\n\n script_name(english:\"F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6,\n8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed\nthe HTTP request line permitted invalid characters. This could be\nexploited, in conjunction with a proxy that also permitted the invalid\ncharacters but with a different interpretation, to inject data into\nthe HTTP response. By manipulating the HTTP response the attacker\ncould poison a web-cache, perform an XSS attack and/or obtain\nsensitive information from requests other then their own.\n(CVE-2016-6816)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K50116122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc7230#section-9.5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K50116122.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K50116122\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-11T15:18:01", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple vulnerabilities:\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n - A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.\n (CVE-2017-12617, CVE-2017-12615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-5647", "CVE-2017-5664"], "modified": "2023-02-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "href": "https://www.tenable.com/plugins/nessus/127359", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0117. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127359);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/10\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\",\n \"CVE-2017-5647\",\n \"CVE-2017-5664\",\n \"CVE-2017-12615\",\n \"CVE-2017-12617\"\n );\n script_bugtraq_id(98888);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by multiple\nvulnerabilities:\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could be\n exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A vulnerability was discovered in Tomcat's handling of\n pipelined requests when Sendfile was used. If sendfile\n processing completed quickly, it was possible for the\n Processor to be added to the processor cache twice. This\n could lead to invalid responses or information\n disclosure. (CVE-2017-5647)\n\n - A vulnerability was discovered in the error page\n mechanism in Tomcat's DefaultServlet implementation. A\n crafted HTTP request could cause undesired side effects,\n possibly including the removal or replacement of the\n custom error page. (CVE-2017-5664)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\n - A vulnerability was discovered in Tomcat where if a\n servlet context was configured with readonly=false and\n HTTP PUT requests were allowed, an attacker could upload\n a JSP file to that context and achieve code execution.\n (CVE-2017-12617, CVE-2017-12615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0117\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL tomcat6 packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"tomcat6-6.0.24-111.el6_9\",\n \"tomcat6-el-2.1-api-6.0.24-111.el6_9\",\n \"tomcat6-jsp-2.1-api-6.0.24-111.el6_9\",\n \"tomcat6-lib-6.0.24-111.el6_9\",\n \"tomcat6-servlet-2.5-api-6.0.24-111.el6_9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:05:17", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-05-10T00:00:00", "cpe": ["cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"], "id": "700668.PASL", "href": "https://www.tenable.com/plugins/nnm/700668", "sourceData": "Binary data 700668.pasl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-01T16:40:40", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2016-776)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-776.NASL", "href": "https://www.tenable.com/plugins/nessus/95896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-776.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95896);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-776\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2016-776)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-776.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.48-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.48-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-13T15:49:57", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-777.NASL", "href": "https://www.tenable.com/plugins/nessus/95897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-777.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95897);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-777\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-777)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-777.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.73-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:12:12", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2016-778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-778.NASL", "href": "https://www.tenable.com/plugins/nessus/95898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-778.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95898);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-778\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2016-778)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-778.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.39-1.67.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.39-1.67.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:31", "description": "The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/96364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96364);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (0b9af110-d529-11e6-ae1b-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Software Foundation reports :\n\nImportant: Remote Code Execution CVE-2016-8735\n\nImportant: Information Disclosure CVE-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\"\n );\n # https://vuxml.freebsd.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f94679a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.73\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:23", "description": "This update for tomcat fixes the following issues :\n\n - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update and SUSE:SLE-12-SP2:Update update projects.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-05-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2017-586)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8745", "CVE-2017-5647", "CVE-2017-5648"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-586.NASL", "href": "https://www.tenable.com/plugins/nessus/100204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-586.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100204);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-8745\", \"CVE-2017-5647\", \"CVE-2017-5648\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2017-586)\");\n script_summary(english:\"Check for the openSUSE-2017-586 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tomcat fixes the following issues :\n\n - CVE-2017-5647 Pipelined requests could lead to\n information disclosure (bsc#1033448)\n\n - CVE-2017-5648 Untrusted application could retain\n listener leading to information disclosure (bsc#1033447)\n\n - CVE-2016-8745 shared Processor on Connector code could\n lead to information disclosure (bsc#1015119)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update and\nSUSE:SLE-12-SP2:Update update projects.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.43-17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-admin-webapps-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-docs-webapp-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-el-3_0-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-embed-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-javadoc-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsp-2_3-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsvc-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-lib-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-servlet-3_1-api-8.0.43-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-webapps-8.0.43-6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:38:51", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:tomcat (2016-98cca07999)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-98CCA07999.NASL", "href": "https://www.tenable.com/plugins/nessus/95829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-98cca07999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95829);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-98cca07999\");\n\n script_name(english:\"Fedora 25 : 1:tomcat (2016-98cca07999)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-98cca07999\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"tomcat-8.0.39-1.fc25\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:07", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Fedora 23 : 1:tomcat (2016-9c33466fbb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9C33466FBB.NASL", "href": "https://www.tenable.com/plugins/nessus/95830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9c33466fbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95830);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-9c33466fbb\");\n\n script_name(english:\"Fedora 23 : 1:tomcat (2016-9c33466fbb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c33466fbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"tomcat-8.0.39-1.fc23\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:12:04", "description": "This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which resolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735 tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : 1:tomcat (2016-a98c560116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:tomcat", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A98C560116.NASL", "href": "https://www.tenable.com/plugins/nessus/95904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a98c560116.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95904);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_xref(name:\"FEDORA\", value:\"2016-a98c560116\");\n\n script_name(english:\"Fedora 24 : 1:tomcat (2016-a98c560116)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates includes a rebase from tomcat 8.0.38 up to 8.0.39 which\nresolves multiple CVEs :\n\n - \\#1397493 - CVE-2016-6816 CVE-2016-6817 CVE-2016-8735\n tomcat: various flaws\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"tomcat-8.0.39-1.fc24\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:tomcat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-02T17:02:39", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 6.0.x prior to 6.0.48, 7.0.x prior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/95438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95438);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-6817\", \"CVE-2016-8735\");\n script_bugtraq_id(94097, 94461, 94463);\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Apache Tomcat\nservice running on the remote host is 6.0.x prior to 6.0.48, 7.0.x\nprior to 7.0.73, 8.0.x prior to 8.0.39, 8.5.x prior to 8.5.8, or\n9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple \nvulnerabilities :\n\n - A flaw exists that is triggered when handling request\n lines containing certain invalid characters. An \n unauthenticated, remote attacker can exploit this, by\n injecting additional headers into responses, to conduct\n HTTP response splitting attacks. (CVE-2016-6816)\n\n - A denial of service vulnerability exists in the HTTP/2\n parser due to an infinite loop caused by improper\n parsing of overly large headers. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted request, to cause a denial of service condition.\n Note that this vulnerability only affects 8.5.x\n versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX\n listener in JmxRemoteLifecycleListener.java due to\n improper deserialization of Java objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-8735)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e8a81e1\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c7e7b23\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?833cb56a\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87d6ed56\");\n # http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f7bb039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.48 / 7.0.73 / 8.0.39 / 8.5.8 / 9.0.0.M13 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8735\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed:make_list(\"6.0.48\", \"7.0.73\", \"8.0.39\", \"8.5.8\", \"9.0.0.M13\"), severity:SECURITY_HOLE, granularity_regex:\"^(6(\\.0)?|7(\\.0)?|8(\\.(0|5))?|9(\\.0)?)$\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:27:03", "description": "According to its self-reported version number, the Apache Tomcat service running on the remote host is 8.5.x prior to 8.5.8 or 9.0.x prior to 9.0.0.M13. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw exists that is triggered when handling request lines containing certain invalid characters. An unauthenticated, remote attacker can exploit this, by injecting additional headers into responses, to conduct HTTP response splitting attacks. (CVE-2016-6816)\n\n- A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition.\nNote that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\n - A remote code execution vulnerability exists in the JMX listener in JmxRemoteLifecycleListener.java due to improper deserialization of Java objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-8735)\n\n - A denial of service vulnerability exists in the HTTP/2 parser due to an infinite loop caused by improper parsing of overly large headers. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition. Note that this vulnerability only affects 8.5.x versions. (CVE-2016-6817)\n\nNote that Nessus Network Monitor has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-6817", "CVE-2016-8735"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "9906.PASL", "href": "https://www.tenable.com/plugins/nnm/9906", "sourceData": "Binary data 9906.pasl", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:36:58", "description": "USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable.\nA remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges.\n(CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3177-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3177-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96978);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_xref(name:\"USN\", value:\"3177-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security\nmanager. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the Tomcat realm implementations incorrectly\nhandled passwords when a username didn't exist. A remote attacker\ncould possibly use this issue to enumerate usernames. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat\nincorrectly limited use of a certain utility method. A\nmalicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications\nfrom untrusted data in the HTTP_PROXY environment variable.\nA remote attacker could possibly use this issue to redirect\noutbound traffic to an arbitrary proxy server. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading\nsystem properties. A malicious application could possibly\nuse this to bypass Security Manager restrictions. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\nUbuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain\nconfiguration parameters. A malicious application could\npossibly use this to bypass Security Manager restrictions.\nThis issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04\nLTS and Ubuntu 16.04 LTS. (CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to\nglobal JNDI resources. A malicious application could use\nthis to access any global JNDI resource without an explicit\nResourceLink. This issue only applied to Ubuntu 12.04 LTS,\nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered\ncertain invalid characters from the HTTP request line. A\nremote attacker could possibly use this issue to inject data\ninto HTTP responses. (CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat\nJmxRemoteLifecycleListener did not implement a recommended\nfix. A remote attacker could possibly use this issue to\nexecute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error\nhandling in the send file code. A remote attacker could\npossibly use this issue to access information from other\nrequests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly\nhandled upgrades and removals. A local attacker could\npossibly use this issue to obtain root privileges.\n(CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3177-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.10\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"tomcat6\", pkgver:\"6.0.35-1ubuntu3.10\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.52-1ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tomcat7\", pkgver:\"7.0.52-1ubuntu0.9\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java / tomcat6 / tomcat7\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-14T14:35:56", "description": "It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain invalid characters from the HTTP request line. A remote attacker could possibly use this issue to inject data into HTTP responses.\n(CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in the send file code. A remote attacker could possibly use this issue to access information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-24T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-5388", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat6", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "p-cpe:/a:canonical:ubuntu_linux:tomcat8", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3177-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3177-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96720);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-5388\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-8745\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_xref(name:\"USN\", value:\"3177-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Tomcat realm implementations incorrectly\nhandled passwords when a username didn't exist. A remote attacker\ncould possibly use this issue to enumerate usernames. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-0762)\n\nAlvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly\nlimited use of a certain utility method. A malicious application could\npossibly use this to bypass Security Manager restrictions. This issue\nonly applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-5018)\n\nIt was discovered that Tomcat did not protect applications from\nuntrusted data in the HTTP_PROXY environment variable. A remote\nattacker could possibly use this issue to redirect outbound traffic to\nan arbitrary proxy server. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388)\n\nIt was discovered that Tomcat incorrectly controlled reading system\nproperties. A malicious application could possibly use this to bypass\nSecurity Manager restrictions. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6794)\n\nIt was discovered that Tomcat incorrectly controlled certain\nconfiguration parameters. A malicious application could possibly use\nthis to bypass Security Manager restrictions. This issue only applied\nto Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6796)\n\nIt was discovered that Tomcat incorrectly limited access to global\nJNDI resources. A malicious application could use this to access any\nglobal JNDI resource without an explicit ResourceLink. This issue only\napplied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2016-6797)\n\nRegis Leroy discovered that Tomcat incorrectly filtered certain\ninvalid characters from the HTTP request line. A remote attacker could\npossibly use this issue to inject data into HTTP responses.\n(CVE-2016-6816)\n\nPierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did\nnot implement a recommended fix. A remote attacker could possibly use\nthis issue to execute arbitrary code. (CVE-2016-8735)\n\nIt was discovered that Tomcat incorrectly handled error handling in\nthe send file code. A remote attacker could possibly use this issue to\naccess information from other requests. (CVE-2016-8745)\n\nPaul Szabo discovered that the Tomcat package incorrectly handled\nupgrades and removals. A local attacker could possibly use this issue\nto obtain root privileges. (CVE-2016-9774, CVE-2016-9775).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3177-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat8-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libtomcat6-java\", pkgver:\"6.0.35-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"tomcat6\", pkgver:\"6.0.35-1ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libtomcat7-java\", pkgver:\"7.0.52-1ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tomcat7\", pkgver:\"7.0.52-1ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.32-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"tomcat8\", pkgver:\"8.0.32-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libtomcat8-java\", pkgver:\"8.0.37-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"tomcat8\", pkgver:\"8.0.37-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtomcat6-java / libtomcat7-java / libtomcat8-java / tomcat6 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-01T16:39:47", "description": "Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DSA-3739-1 : tomcat8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat8", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3739.NASL", "href": "https://www.tenable.com/plugins/nessus/96018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3739. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96018);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_xref(name:\"DSA\", value:\"3739\");\n\n script_name(english:\"Debian DSA-3739-1 : tomcat8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3739\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat8 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.1-java-doc\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat8-java\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-admin\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-common\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-docs\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-examples\", reference:\"8.0.14-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat8-user\", reference:\"8.0.14-1+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-01T16:40:38", "description": "Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were also fixed.", "cvss3": {}, "published": "2016-12-20T00:00:00", "type": "nessus", "title": "Debian DSA-3738-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735", "CVE-2016-9774", "CVE-2016-9775"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3738.NASL", "href": "https://www.tenable.com/plugins/nessus/96017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3738. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96017);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-9774\", \"CVE-2016-9775\");\n script_xref(name:\"DSA\", value:\"3738\");\n\n script_name(english:\"Debian DSA-3738-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.\n\nAs part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3738\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 7.0.56-3+deb8u6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:19:41", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-06T00:00:00", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2017:0246)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2017-0246.NASL", "href": "https://www.tenable.com/plugins/nessus/97010", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0246. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97010);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0246\");\n\n script_name(english:\"RHEL 5 : JBoss EAP (RHSA-2017:0246)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.12, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian\nStansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0246\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.7.18-5.SP4_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"hornetq-2.3.25-18.SP16_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"infinispan-5.2.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"infinispan-cachestore-jdbc-5.2.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"infinispan-cachestore-remote-5.2.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"infinispan-client-hotrod-5.2.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"infinispan-core-5.2.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-appclient-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-cli-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-client-all-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-clustering-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-cmp-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-connector-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-console-2.5.15-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-controller-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-controller-client-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-core-security-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-deployment-repository-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-deployment-scanner-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-domain-http-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-domain-management-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ee-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ee-deployment-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-ejb3-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-embedded-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-host-controller-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jacorb-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jaxr-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jaxrs-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jdr-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jmx-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jpa-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jsf-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-jsr77-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-logging-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-mail-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-management-client-content-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-messaging-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-modcluster-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-naming-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-network-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-osgi-service-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-picketlink-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-platform-mbean-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-pojo-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-process-controller-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-protocol-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-remoting-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-sar-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-security-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-server-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-system-jmx-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-threads-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-transactions-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-version-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-web-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-webservices-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-weld-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-as-xts-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-ejb-client-1.0.38-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-hal-2.5.15-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-appclient-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-bundles-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-core-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-domain-7.5.13-5.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-javadocs-7.5.13-3.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-modules-eap-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-product-eap-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-standalone-7.5.13-5.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossas-welcome-content-eap-7.5.13-2.Final_redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.5.20-1.Final_redhat_1.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"resteasy-2.3.16-1.Final_redhat_1.1.ep6.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf / hornetq / infinispan / infinispan-cachestore-jdbc / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:20:01", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-06T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss EAP (RHSA-2017:0244)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0244.NASL", "href": "https://www.tenable.com/plugins/nessus/97009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0244. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97009);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0244\");\n\n script_name(english:\"RHEL 6 : JBoss EAP (RHSA-2017:0244)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.12, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian\nStansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0244\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.7.18-5.SP4_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hornetq-2.3.25-18.SP16_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-5.2.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-cachestore-jdbc-5.2.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-cachestore-remote-5.2.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-client-hotrod-5.2.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"infinispan-core-5.2.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-appclient-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cli-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-client-all-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-clustering-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-cmp-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-connector-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-console-2.5.15-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-controller-client-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-core-security-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-repository-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-deployment-scanner-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-http-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-domain-management-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ee-deployment-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-ejb3-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-embedded-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-host-controller-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jacorb-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxr-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jaxrs-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jdr-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jmx-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jpa-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsf-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-jsr77-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-logging-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-mail-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-management-client-content-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-messaging-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-modcluster-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-naming-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-network-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-osgi-service-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-picketlink-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-platform-mbean-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-pojo-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-process-controller-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-protocol-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-remoting-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-sar-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-security-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-server-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-system-jmx-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-threads-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-transactions-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-version-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-web-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-webservices-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-weld-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-as-xts-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ejb-client-1.0.38-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-hal-2.5.15-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-appclient-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-bundles-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-core-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-domain-7.5.13-5.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-javadocs-7.5.13-3.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-modules-eap-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-product-eap-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-standalone-7.5.13-5.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossas-welcome-content-eap-7.5.13-2.Final_redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.5.20-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"resteasy-2.3.16-1.Final_redhat_1.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf / hornetq / infinispan / infinispan-cachestore-jdbc / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:33", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-04T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss EAP (RHSA-2017:0245)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:hornetq", "p-cpe:/a:redhat:enterprise_linux:infinispan", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:infinispan-core", "p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cli", "p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all", "p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering", "p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp", "p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-connector", "p-cpe:/a:redhat:enterprise_linux:jboss-as-console", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client", "p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository", "p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http", "p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment", "p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3", "p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded", "p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf", "p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77", "p-cpe:/a:redhat:enterprise_linux:jboss-as-logging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-mail", "p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content", "p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging", "p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster", "p-cpe:/a:redhat:enterprise_linux:jboss-as-naming", "p-cpe:/a:redhat:enterprise_linux:jboss-as-network", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin", "p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service", "p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink", "p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean", "p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo", "p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller", "p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol", "p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting", "p-cpe:/a:redhat:enterprise_linux:jboss-as-sar", "p-cpe:/a:redhat:enterprise_linux:jboss-as-security", "p-cpe:/a:redhat:enterprise_linux:jboss-as-server", "p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx", "p-cpe:/a:redhat:enterprise_linux:jboss-as-threads", "p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions", "p-cpe:/a:redhat:enterprise_linux:jboss-as-version", "p-cpe:/a:redhat:enterprise_linux:jboss-as-web", "p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices", "p-cpe:/a:redhat:enterprise_linux:jboss-as-weld", "p-cpe:/a:redhat:enterprise_linux:jboss-as-xts", "p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client", "p-cpe:/a:redhat:enterprise_linux:jboss-hal", "p-cpe:/a:redhat:enterprise_linux:jbossas-appclient", "p-cpe:/a:redhat:enterprise_linux:jbossas-bundles", "p-cpe:/a:redhat:enterprise_linux:jbossas-core", "p-cpe:/a:redhat:enterprise_linux:jbossas-domain", "p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs", "p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap", "p-cpe:/a:redhat:enterprise_linux:jbossas-standalone", "p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap", "p-cpe:/a:redhat:enterprise_linux:jbossweb", "p-cpe:/a:redhat:enterprise_linux:resteasy", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-0245.NASL", "href": "https://www.tenable.com/plugins/nessus/112252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0245. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112252);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0245\");\n\n script_name(english:\"RHEL 7 : JBoss EAP (RHSA-2017:0245)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13\nserves as a replacement for Red Hat JBoss Enterprise Application\nPlatform 6.4.12, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat)\nand Brian Stansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hornetq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-domain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0245\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL7\", reference:\"apache-cxf-2.7.18-5.SP4_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hornetq-2.3.25-18.SP16_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-cachestore-jdbc-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-cachestore-remote-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-client-hotrod-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"infinispan-core-5.2.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-appclient-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cli-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-client-all-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-clustering-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-cmp-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-connector-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-console-2.5.15-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-controller-client-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-core-security-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-repository-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-deployment-scanner-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-http-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-domain-management-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ee-deployment-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-ejb3-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-embedded-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-host-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jacorb-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxr-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jaxrs-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jdr-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jmx-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jpa-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsf-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-jsr77-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-logging-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-mail-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-management-client-content-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-messaging-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-modcluster-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-naming-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-network-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-configadmin-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-osgi-service-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-picketlink-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-platform-mbean-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-pojo-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-process-controller-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-protocol-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-remoting-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-sar-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-security-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-server-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-system-jmx-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-threads-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-transactions-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-version-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-web-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-webservices-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-weld-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-as-xts-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-ejb-client-1.0.38-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jboss-hal-2.5.15-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-appclient-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-bundles-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-core-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-domain-7.5.13-5.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-javadocs-7.5.13-3.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-modules-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-product-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-standalone-7.5.13-5.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossas-welcome-content-eap-7.5.13-2.Final_redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbossweb-7.5.20-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"resteasy-2.3.16-1.Final_redhat_1.1.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf / hornetq / infinispan / infinispan-cachestore-jdbc / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:19:25", "description": "An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe jboss-ec2-eap package provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.12.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "RHEL 6 : jboss-ec2-eap (RHSA-2017:0250)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap", "p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0250.NASL", "href": "https://www.tenable.com/plugins/nessus/96973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0250. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96973);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-7061\", \"CVE-2016-8627\", \"CVE-2016-8656\");\n script_xref(name:\"RHSA\", value:\"2017:0250\");\n\n script_name(english:\"RHEL 6 : jboss-ec2-eap (RHSA-2017:0250)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for jboss-ec2-eap is now available for Red Hat JBoss\nEnterprise Application Platform 6.4 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe jboss-ec2-eap package provide scripts for Red Hat JBoss Enterprise\nApplication Platform running on the Amazon Web Services (AWS) Elastic\nCompute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure\ncompatibility with Red Hat JBoss Enterprise Application Platform\n6.4.12.\n\nSecurity Fix(es) :\n\n* It was discovered that the jboss init script performed unsafe file\nhandling which could result in local privilege escalation.\n(CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from\nrequests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be\navailable via GET requests making them vulnerable to cross-origin\nattacks. An attacker could trigger the user's browser to request the\nlog files consuming enough resources that normal server functioning\ncould be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information\nas sensitive, users with a Monitor role are able to view the sensitive\ninformation. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian\nStansberry (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8656\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected jboss-ec2-eap and / or jboss-ec2-eap-samples\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-ec2-eap-samples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0250\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ec2-eap-7.5.13-1.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-ec2-eap-samples-7.5.13-1.Final_redhat_2.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jboss-ec2-eap / jboss-ec2-eap-samples\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:00:42", "description": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-0456.NASL", "href": "https://www.tenable.com/plugins/nessus/97596", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0456. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97596);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-1240\", \"CVE-2016-3092\", \"CVE-2016-5018\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0456\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only\nincluded in EWS 2.x and JWS 3.x source distributions. If you deploy a\nTomcat instance built from source, using the EWS 2.x, or JWS 3.x\ndistributions, an attacker could use this flaw to launch a remote code\nexecution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's\nsystem property replacement feature for configuration files could be\nused by a malicious web application to bypass the SecurityManager and\nread system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0\npackages to Red Hat Enterprise Linux 7. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-268)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0456\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-runtime-1-3.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsvc-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-selinux-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.70-16.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-admin-webapps-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-docs-webapp-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-el-2.2-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-javadoc-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsp-2.3-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-jsvc-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-lib-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-log4j-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-selinux-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-servlet-3.1-api-8.0.36-17.ep7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat8-webapps-8.0.36-17.ep7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hibernate4-c3p0-eap6 / hibernate4-core-eap6 / hibernate4-eap6 / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-08T14:59:52", "description": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-08T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0762", "CVE-2016-1240", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-5018", "CVE-2016-6325", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6", "p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime", "p-cpe:/a:redhat:enterprise_linux:mod_cluster", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat-native", "p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:tomcat-vault", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8", "p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat8-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux", "p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0455.NASL", "href": "https://www.tenable.com/plugins/nessus/97595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0455. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97595);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-1240\", \"CVE-2016-3092\", \"CVE-2016-5018\", \"CVE-2016-6325\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0455\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement\nfor Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es) :\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation.\n(CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as\nwriteable to the tomcat group. A member of the group or a malicious\nweb application deployed on Tomcat could use this flaw to escalate\ntheir privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only\nincluded in EWS 2.x and JWS 3.x source distributions. If you deploy a\nTomcat instance built from source, using the EWS 2.x, or JWS 3.x\ndistributions, an attacker could use this flaw to launch a remote code\nexecution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons\nFileUpload that occurred when the length of the multipart boundary was\njust below the size of the buffer (4096 bytes) used to read the\nuploaded file if the boundary was the typical tens of bytes long.\n(CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if\nthe supplied user name did not exist. This made a timing attack\npossible to determine valid user names. Note that the default\nconfiguration includes the LockOutRealm which makes exploitation of\nthis vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was\naccessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat's\nsystem property replacement feature for configuration files could be\nused by a malicious web application to bypass the SecurityManager and\nread system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration\nparameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to\naccess any global JNDI resource whether an explicit ResourceLink had\nbeen configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s) :\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0\npackages to Red Hat Enterprise Linux 6. These packages provide a\nnumber of enhancements over the previous version of Red Hat JBoss Web\nServer. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these\nupdated packages, which add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-vault\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0455\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-runtime-1-3.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsvc-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-selinux-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.70-16.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-admin-webapps-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-docs-webapp-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-el-2.2-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-javadoc-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-jsvc-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-lib-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-log4j-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-selinux-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat8-webapps-8.0.36-17.ep7.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hibernate4-c3p0-eap6 / hibernate4-core-eap6 / hibernate4-eap6 / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:39:04", "description": "This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by changing the context.xml format to the new one introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1455)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/95790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1455.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95790);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1455)\");\n script_summary(english:\"Check for the openSUSE-2016-1455 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for Tomcat provides the following fixes :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBugs fixed :\n\n - Fixed StringIndexOutOfBoundsException in\n WebAppClassLoaderBase.filter(). (bsc#974407)\n\n - Fixed a deployment error in the examples webapp by\n changing the context.xml format to the new one\n introduced by Tomcat 8. (bsc#1004728)\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\n - Fixed regression caused by CVE-2016-6816.\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974407\"\n );\n # https://features.opensuse.org/321029\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-admin-webapps-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-docs-webapp-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-el-3_0-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-embed-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-javadoc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsp-2_3-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-jsvc-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-lib-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-servlet-3_1-api-8.0.32-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"tomcat-webapps-8.0.32-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:04", "description": "This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and apache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0 interface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2016-1456)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache-commons-dbcp", "p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc", "p-cpe:/a:novell:opensuse:apache-commons-pool2", "p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc", "p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1456.NASL", "href": "https://www.tenable.com/plugins/nessus/95791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1456.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95791);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2016-1456)\");\n script_summary(english:\"Check for the openSUSE-2016-1456 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tomcat fixes the following issues :\n\nFeature changes :\n\nThe embedded Apache Commons DBCP component was updated to version 2.0.\n(bsc#1010893 fate#321029)\n\nSecurity fixes :\n\n - CVE-2016-0762: Realm Timing Attack (bsc#1007854)\n\n - CVE-2016-5018: Security Manager Bypass (bsc#1007855)\n\n - CVE-2016-6794: System Property Disclosure (bsc#1007857)\n\n - CVE-2016-6796: Security Manager Bypass (bsc#1007858)\n\n - CVE-2016-6797: Unrestricted Access to Global Resources\n (bsc#1007853)\n\n - CVE-2016-8735: Remote code execution vulnerability in\n JmxRemoteLifecycleListener (bsc#1011805)\n\n - CVE-2016-6816: HTTP Request smuggling vulnerability due\n to permitting invalid character in HTTP requests\n (bsc#1011812)\n\nBug fixes :\n\n - Enabled optional setenv.sh script. See section '(3.4)\n Using the 'setenv' script' in\n http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\n (bsc#1002639)\n\nThis update supplies the new packages apache-commons-pool2 and\napache-commons-dbcp in version 2 to allow tomcat to use the DBCP 2.0\ninterface.\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011812\"\n );\n # https://features.opensuse.org/321029\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-dbcp-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache-commons-pool2-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-3_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-dbcp-javadoc-2.1.1-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache-commons-pool2-javadoc-2.4.2-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-admin-webapps-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-docs-webapp-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-el-3_0-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-embed-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-javadoc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsp-2_3-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-jsvc-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-lib-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-servlet-3_1-api-8.0.36-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tomcat-webapps-8.0.36-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-commons-dbcp / apache-commons-dbcp-javadoc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:49", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach its end-of-life exactly in one month. We strongly recommend to switch to another supported version such as Tomcat 7 at your earliest convenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-728-1 : tomcat6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet2.4-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java", "p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat6-java", "p-cpe:/a:debian:debian_linux:tomcat6", "p-cpe:/a:debian:debian_linux:tomcat6-admin", "p-cpe:/a:debian:debian_linux:tomcat6-common", "p-cpe:/a:debian:debian_linux:tomcat6-docs", "p-cpe:/a:debian:debian_linux:tomcat6-examples", "p-cpe:/a:debian:debian_linux:tomcat6-extras", "p-cpe:/a:debian:debian_linux:tomcat6-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-728.NASL", "href": "https://www.tenable.com/plugins/nessus/95454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-728-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95454);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"Debian DLA-728-1 : tomcat6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nThis is probably the last security update of Tomcat 6 which will reach\nits end-of-life exactly in one month. We strongly recommend to switch\nto another supported version such as Tomcat 7 at your earliest\nconvenience.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n6.0.45+dfsg-1~deb7u3.\n\nWe recommend that you upgrade your tomcat6 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.4-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet2.5-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat6-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat6-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.4-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet2.5-java-doc\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat6-java\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-admin\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-common\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-docs\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-examples\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-extras\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat6-user\", reference:\"6.0.45+dfsg-1~deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-01T16:40:39", "description": "Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer scripts to prevent possible privilege escalations. Thanks to Paul Szabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-02T00:00:00", "type": "nessus", "title": "Debian DLA-729-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0762", "CVE-2016-5018", "CVE-2016-6794", "CVE-2016-6796", "CVE-2016-6797", "CVE-2016-6816", "CVE-2016-8735"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-729.NASL", "href": "https://www.tenable.com/plugins/nessus/95455", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-729-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95455);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0762\", \"CVE-2016-5018\", \"CVE-2016-6794\", \"CVE-2016-6796\", \"CVE-2016-6797\", \"CVE-2016-6816\", \"CVE-2016-8735\");\n\n script_name(english:\"Debian DLA-729-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure\nof system properties, unrestricted access to global resources,\narbitrary file overwrites, and potentially escalation of privileges.\n\nIn addition this update further hardens Tomcat's init and maintainer\nscripts to prevent possible privilege escalations. Thanks to Paul\nSzabo for the report.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u7.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/12/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:32", "description": "[0:6.0.24-105]\n- Related: rhbz#1402664 CVE-2016-6816 Adding system property from asfbz-60594 to allow use of some un-encoded characters\n- Related: rhbz#1402664 CVE-2016-6816 Resolving a security regression (2017-6056) caused by CVE-2016-6816\n[0:6.0.24-104]\n- Related: rhbz#1402664 build. reverting ExcludeArch to fix composes\n[0:6.0.24-102]\n- Resolves: rhbz#1413589 CVE-2016-8745 tomcat6: tomcat: information disclosure due to incorrect Processor sharing\n- Resolves: rhbz#1402664 CVE-2016-6816 tomcat6: tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-15T00:00:00", "type": "oraclelinux", "title": "tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2017-03-15T00:00:00", "id": "ELSA-2017-0527", "href": "http://linux.oracle.com/errata/ELSA-2017-0527.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:30", "description": "[0:7.0.69-11]\n- Resolves: rhbz#1413591 CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n- Resolves: rhbz#1402662 CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-12T00:00:00", "type": "oraclelinux", "title": "tomcat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2017-04-12T00:00:00", "id": "ELSA-2017-0935", "href": "http://linux.oracle.com/errata/ELSA-2017-0935.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:38:26", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. \n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-15T12:06:21", "type": "redhat", "title": "(RHSA-2017:0527) Moderate: tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2018-06-06T16:24:17", "id": "RHSA-2017:0527", "href": "https://access.redhat.com/errata/RHSA-2017:0527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:45:37", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. \n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-12T13:36:04", "type": "redhat", "title": "(RHSA-2017:0935) Moderate: tomcat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2018-04-11T23:33:04", "id": "RHSA-2017:0935", "href": "https://access.redhat.com/errata/RHSA-2017:0935", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:08", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-02T20:16:32", "type": "redhat", "title": "(RHSA-2017:0246) Important: Red Hat JBoss Enterprise Application Platform security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2017-02-02T20:22:42", "id": "RHSA-2017:0246", "href": "https://access.redhat.com/errata/RHSA-2017:0246", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:35:40", "description": "The jboss-ec2-eap package provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.12.\n\nSecurity Fix(es):\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. (CVE-2016-7061)\n\nThe CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-02-02T20:54:34", "type": "redhat", "title": "(RHSA-2017:0250) Important: jboss-ec2-eap security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-7061", "CVE-2016-8627", "CVE-2016-8656"], "modified": "2018-06-06T22:39:04", "id": "RHSA-2017:0250", "href": "https://access.redhat.com/errata/RHSA-2017:0250", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:53", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. (CVE-2016-8656)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid charact
tomcat7 - security update
