(RHSA-2015:0765) Important: Red Hat JBoss Data Virtualization 6.0.0 security update

2015-03-31T16:57:22

Description

Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release, descriptions of which can be found on the respective CVE pages linked in the References section. CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage CVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE) CVE-2014-3490 RESTEasy: XXE via parameter entities CVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application CVE-2014-0193 netty: DoS via memory exhaustion during data aggregation CVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter Red Hat would like to thank James Roper of Typesafe for reporting CVE-2014-0193, and Alexander Papadakis for reporting CVE-2014-3530. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security, the CVE-2014-0075 and CVE-2014-3490 issues were discovered by David Jorm of Red Hat Product Security, and the CVE-2014-3481 issue was discovered by the Red Hat JBoss Enterprise Application Platform QE team. All users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this roll up patch.

{"id": "RHSA-2015:0765", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:0765) Important: Red Hat JBoss Data Virtualization 6.0.0 security update", "description": "Red Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems-such as multiple databases, XML\nfiles, and even Hadoop systems-appear as a set of tables in a local\ndatabase.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Data\nVirtualization 6.0.0. It includes various bug fixes, which are listed in\nthe README file included with the patch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,\n8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content\nlength header\n\nCVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal\nEntity (XXE)\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter \n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, and Alexander Papadakis for reporting CVE-2014-3530.\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product\nSecurity, the CVE-2014-0075 and CVE-2014-3490 issues were discovered by\nDavid Jorm of Red Hat Product Security, and the CVE-2014-3481 issue was\ndiscovered by the Red Hat JBoss Enterprise Application Platform QE team.\n\nAll users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "published": "2015-03-31T16:57:22", "modified": "2019-02-20T12:21:42", "epss": [{"cve": "CVE-2012-5783", "epss": 0.00238, "percentile": 0.60409, "modified": "2023-05-24"}, {"cve": "CVE-2012-6153", "epss": 0.00154, "percentile": 0.50461, "modified": "2023-05-25"}, {"cve": "CVE-2013-4002", "epss": 0.01104, "percentile": 0.82358, "modified": "2023-05-25"}, {"cve": "CVE-2013-5855", "epss": 0.00421, "percentile": 0.70501, "modified": "2023-05-25"}, {"cve": "CVE-2014-0075", "epss": 0.03372, "percentile": 0.89985, "modified": "2023-05-25"}, {"cve": "CVE-2014-0096", "epss": 0.00129, "percentile": 0.46362, "modified": "2023-05-25"}, {"cve": "CVE-2014-0099", "epss": 0.00472, "percentile": 0.72099, "modified": "2023-05-25"}, {"cve": "CVE-2014-0119", "epss": 0.00162, "percentile": 0.51573, "modified": "2023-05-25"}, {"cve": "CVE-2014-0193", "epss": 0.06425, "percentile": 0.92579, "modified": "2023-05-25"}, {"cve": "CVE-2014-0227", "epss": 0.95368, "percentile": 0.99007, "modified": "2023-05-25"}, {"cve": "CVE-2014-3481", "epss": 0.00759, "percentile": 0.78519, "modified": "2023-05-25"}, {"cve": "CVE-2014-3490", "epss": 0.01322, "percentile": 0.83982, "modified": "2023-05-25"}, {"cve": "CVE-2014-3530", "epss": 0.00963, "percentile": 0.81075, "modified": "2023-05-25"}, {"cve": "CVE-2014-3577", "epss": 0.00392, "percentile": 0.69466, "modified": "2023-05-25"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:0765", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3577"], "immutableFields": [], "lastseen": "2023-05-26T10:21:29", "viewCount": 8, "enchantments": {"score": {"value": 7.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2013-169", "ALAS-2013-235", "ALAS-2013-246", "ALAS-2014-410", "ALAS-2014-436", "ALAS-2015-525", "ALAS-2015-526", "ALAS-2015-527"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-37991", "ATLASSIAN:CONFSERVER-37991", "ATLASSIAN:CWD-4355", "CWD-4355"]}, {"type": "centos", "idList": ["CESA-2013:0270", "CESA-2013:1447", "CESA-2013:1451", "CESA-2013:1505", "CESA-2014:0865", "CESA-2014:1011", "CESA-2014:1034", "CESA-2014:1038", "CESA-2014:1146", "CESA-2014:1166", "CESA-2014:1319", "CESA-2015:0983", "CESA-2015:0991"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1901", "CPAI-2015-0210"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:390173E5A22BDA87FAB841184E06944D"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3577", "CVE-2017-1000396", "CVE-2017-1000397", "CVE-2017-1000402"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2110-1:96368", "DEBIAN:DLA-222-1:38FAF", "DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3447-1:BF5C1", "DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3530-1:6A530", "DEBIAN:DSA-3552-1:E23CF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5783", "DEBIANCVE:CVE-2012-6153", "DEBIANCVE:CVE-2013-5855", "DEBIANCVE:CVE-2014-0075", "DEBIANCVE:CVE-2014-0096", "DEBIANCVE:CVE-2014-0099", "DEBIANCVE:CVE-2014-0119", "DEBIANCVE:CVE-2014-0193", "DEBIANCVE:CVE-2014-0227", "DEBIANCVE:CVE-2014-3577"]}, {"type": "f5", "idList": ["F5:K15364328", "F5:K15432", "F5:K16344", "F5:K16872", "SOL15364328", "SOL15426", "SOL15428", "SOL15429", "SOL15432", "SOL15737", "SOL15741", "SOL16344", "SOL16872"]}, {"type": "fedora", "idList": ["FEDORA:0E00C6090BD2", "FEDORA:25A9A23A22", "FEDORA:25F4A2151F", "FEDORA:2C8F660875AF", "FEDORA:309E1233DF", "FEDORA:38DE2220D8", "FEDORA:53E1D20E9E", "FEDORA:5B904214E6", "FEDORA:5D10B2170F", "FEDORA:6C2F3226BB", "FEDORA:BDAF321057", "FEDORA:D75E16087AA0", "FEDORA:EE17520E26"]}, {"type": "freebsd", "idList": ["81FC1076-1286-11E4-BEBD-000C2980A9F3", "9BAD457E-B396-4452-8773-15BEC67E1CEB", "AC18046C-9B08-11E6-8011-005056925DB4"]}, {"type": "gentoo", "idList": ["GLSA-201406-32", "GLSA-201412-29"]}, {"type": "github", "idList": ["GHSA-2C9Q-QWRC-F486", "GHSA-2X83-R56G-CV47", "GHSA-3832-9276-X7GF", "GHSA-3M3R-82GC-53MJ", "GHSA-42J3-498Q-M6VP", "GHSA-475F-74WP-PQV5", "GHSA-7J4H-8WPF-RQFH", "GHSA-CFH5-3GHH-WFJX", "GHSA-FQ9F-9WV9-RFMG", "GHSA-PJ45-8VHC-MH2F", "GHSA-PRC3-7F44-W48J", "GHSA-QJPQ-5PQ3-43RR", "GHSA-QPRX-Q2R7-3RX6", "GHSA-XH5X-J8JF-PCPX"]}, {"type": "ibm", "idList": ["01CFF49A8E945385D7DAF195723AF2400A442375CCE77F93B4CF72774A757E1D", "01E57EA4FD7356FB5E72935EEB154521615A9345224BEDE9B60CA47FD8E5D4E3", "025F46D70BF12E5E7A17B0B9163D46438945859C3636C38FE34BA49936F47B5C", "026861C8F37CB442AEB06F08CB67784AB6226E1C2C5830E2D4227D71E9453C5B", "027E5478A26C8AE814D366BCF7E00B0A415810B1BB3DB8B0FE38BF967C56F05E", "031AB80137983FA206B8FD452A65FA0ADD155D250DA679ADC4DC628C2E106C7E", "06409D16EC8F4BD816A8BBD1FE8C8AD118CCACF9B37F73C1BC2C7794B32167B9", "0A6BBC4DFBB5FEFCEDCBE9F7C11994171A57DC8ECA368D2E6508C015BE0285CA", "0BBFF5ACCE3BB85B4B009BE1151FB259BD27E60CC9166A10FE3D48B5D6499E15", "0BFA95615C47A8731EA2BE8892AD132D9865D65EF45F22364FDFDE9DF1A13C48", "0D1060E5ABDA13ED7B41723370E8EECD9653B01BFAB3E94725DA29BBF5C49458", "0D4811CF16080329FAED2F0F50384DF021CD54EDE21A91677DCCA510ADF9344B", "0F8C9B43069C04EF8D42F75FA8D42A5837D2A01F1B45F132DD6CE116C7562B83", "10770D12191A8AE9369E34D348349D2BA4155BE98B552E072EF5E6E20AD6C297", "109B2E937B3A410E66933C6F6054D7A86640DE62C0F3587F9E376863C105A750", "136DDBB187CA30DA1F912D98168C94224C5097A9B2069F211A06D131A899737E", "15D4D14B41D3C3255E8F557AA0EE3EF0491215FFA7ABAFAF541A6B29C5E8C4BC", "1B6B6F798AFCB29081D407FF7387CA748CFEEF00BC950E79BD8FDF3533DED480", "1F7A45CD4D73686FA6C9591207830D1B405EB9704E1C5F2BE5F439A0FE018D74", "2144A98C6B99B7EB85CE452D9F97E1A8E1038FF69C8DCB9BC1AFE8B706268DC5", "229A4B43FE77515F8665EB39BE40365AEA78A7E6905A77143AA0029AE91AE79C", "269ED09DF8DEC59D6D5C76BBBEC1A3E9EB81FC2A6B977AF71E1341BCCE84CE32", "2941D52E6F881D5993E9C3236CA0451D0293C5A3807E5ADDCD4325AE37D01131", "2B824167DC3985A17D4B9DD3CF5905F8AAE0DB7D3312C2CC8E1D8F708BFCC90D", "2C89CFD58F3D4EE971D17C1294FCDAF90987B18CD1793833204AB66E2BE29729", "2D361C1BBDEE23DCFC1E6C5412CD189D08B44927377CE22B91F2955FFD17F14D", "2D7C485C705EF6647EC2ADDB5048FDAE46343DAD18C74DA4CF56006EB314660D", "2DE091CA07117F67C4FD3C61010878CC6DC8E520AC7DB498E6AE9A95138728A3", "2E91EF7A9948535BD27257CCBF7A6470F5ADBFCFAE1D0B1F706C76B9FF03241A", "2F56561079E67B55F3A367BA0BCE3ED5A5C9952A67209F84A3DABB0FCE15DFB8", "326912EF4D6CFE46E00FE614008D772B4764A4B092781FECBA0BF97F534B6499", "332EB7C24BEDDB6A08EB1D2E56168DBF8FB7B8EE1E89939D477827DEB2BC62FA", "33E772FE581A9D6941CAFA467B27570A2BFAEDE9621378A1CC43B798A00E48C5", "33FF9BBFA013E40A06E5B0AB55B876DFB2EA6711862322A00D2EC4A4BC79A5F7", "3530DF8DA972875E9B1FD6F767CF9BCE12DD28AEEAAF4F127105D1281DCB6CC5", "36925FCD99306C01EA66932905F954FF401591329BEF9AA70C7DE926FE9CD481", "3760CC22031AD86ACCE33D7AB55CA1DBFBE4BA8A42EE27EBA4D0BD274E30D8D1", "37E84D76257762D12F144C420A6FA36A16C6055B49D7AE073144BE16FFF7F0A0", "39E0A8E42AF49F2179F0B050D210E6D8104FD0358E58AD9DC5049A5A5791989D", "3AE8B7045D3F6049DF983F14126D0E4FAAF567E5AEA283E61BDCAB7EE7E255EF", "3B659ECA0A3490E43A993E28F17C28259C30674E3C1D43656C4A5B37F135FF29", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3D9D5C7B09E22D87A8FE0FE187F0AF4F7F297ED37E3326CEFC50EC5D149D3374", "3E12BA2CA4DE8574522B4094594F36E64FC844217879773183FA9455EC8D7C55", "3F50B90AA067D7B221DE01833CF094A0A4B8DFCEFA2F20192B47FCC636918D02", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "41AAC16DD55649610A7533A1CCFF752B9439D695AF4B531F93AD71CE90511A9B", "41CB9666A88AE67D4A0558674B8CFDA62F160B6DDCBA3C10576515447887CF12", "41E52F75A6D7D5643A154BDF7E47439DD72AD5A21A6077C530F676B951CB6EAA", "425388ECE1ADC07929410BEE459751DFD6F958476D182A188AADBC4797B87839", "426DC9FAD64F716E8463EF1B0FFD5E38D7ADE11BB58C57E0667356ABA3124D6E", "43DA4697F34CF5D5A6799540E74541895D58CA735AF6018C2189B56DA5C5FD59", "43FBEEFC31F99AEB119439D6EF39666A16FB655D9FC959B3333EE94D3E086527", "45DA32C663BE23D1E9021CFBC616628C9999944B0A29CBEC2FB3DFC16618B5B6", "46655D215605654C233A0192D520520517C2577FCBAFD46B6A2A95C51164157C", "4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274", "4940B87F5703F7E9544553B0D7BB9C6D4A345E898CB001AE7808330D33AEF23C", "4A40A8584AAA0568BA4769257A7F6F47501E3580494467FB6A90C65631820786", "4AFD3A67A4B8CE9D6C9AB20CDD1C452DFC4D819A3B4B02701ED03F83C223CCA9", "4BD525650ACDA69E5A72CD1CF82ABA591CB8C348C2EB3003E0E6F4F148199C9E", "4BDE70E43A19F50FF60A2F5CB6ED1C095A92727557F41F17F3F3059A4D00A95B", "4EA16C484A11E833B1DEB803D6ABABC8ED4970EE9E61B2165CE99AF8625D8A2C", "527C030C003106EDF08727B98AC10682E8DE0D0F67A43A4BBB5A977ECA249116", "52B201EAD7D8FBAAE3AB5280B9E773559F7305E89BBE33D8F5F38C7C4DE82834", "539FD5A344951CB3146EC1C6256AC3A91344217924BD86DB5242BF2BD9D82C91", "5474D79847A3FCE81B76D3A3025062B823503D87AA571209B4C33FF248E4D056", "56B285EA37730B4746FB389027A082A9235462A58A5870D69D30CB85EDCC250C", "5BBDE78129FEC8626D9A3FA259F12B0C48A3E43B97DC04EDCAF9F91129AA8643", "5C2C022A36BF4D39A392DF7316D1681BAABF11A9ABC32DAE467DB316B3FD1A3B", "5C80F4F5636A0868AC75F2C89F64F0E39575DA7CB728A81C3DC2784A9401D771", "624AD41EB5F36F069D460B4F08DC247A206F306C8741AC3066CA77ECEFA5B07C", "630F07BCFBA91233BBB559ED997B4656AF3D22DB4D916E90B078150D1E4475A5", "635552E99951D8D5AEBD584BBE0C8D1EBBAE770AEE83BA96CDC88B692C2A1891", "64D4A0EFDA44FD634988AA343C6F11362362D7A9EF20EE97010E4B801142F7D3", "66190F86169601FFE437A37A0B9AD09EA1B8961389683892ADA7DE4D3DFADC50", "672ED98E9AB8BD15ACA2079635029450D742DBDD7246A12534BFFA7D54E83F8A", "69C147CB642B39AA3250947FC1868ED542CC9C2C3BED4BA821CAD9BA0F178E84", "69C4BA7EBA2FBED8F26777795FD33E6380CFCB2F86DF70D928F147B0F1622932", "6B7DCA3771436A0F45D4564BA66669C2242AA5C9B9F759BE5A29B65838666ACF", "6E31851D9DE0A52F22E528C5E433ECB539CEED68D32D67ED5929B43E327DFF84", "6E576C2CB4D4BBA1032374CAD5E52D25D35C49BA3CF8B212C76E104CF2FFB067", "6EB0DF5B8D2A9CE0A54E20B9831C291C9DF55686C969612BB8B51326B44694DA", "734FDE9A6D820A5332D7EEFB5A4C4F802ED630CF06944C3F401C528C04ACB9F8", "73FC5ECD1151D9AEBD55620913E8369C80A9C8FB69C433075AC1A654ACD4D2F1", "76ED8A969B89E917406E6428B20653B4CA4683B94EF0C818185ED8F868517B34", "774CD0CC266135AB1675926645BDE7EC4B8D9325050C2B4CC8CDB5B064BC5431", "79F87BA72892577A0BC3F38CF5FEDB0E85D288E3A0106ABF797792995FC7E5A6", "7C2E3EBD59844B33604F823D03303C3D61BA5B706D9B3DBCB94DE8170A315138", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E79C8722B51CD34772D4E6422F113B07D7EBC673CFF21F6F2933AB8FEC145E8", "807F02BF5D04D1D709B1D383A56D073A3E2ABB5E058B819FF145C9C80E083AF4", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "83DE818C5932FD800E5449ABA82FA7FDCAC7A0E2B41C5C07CC9E5CC56A3B9296", "8491CF1F3DD8116411BD720BFCBC2272BEB04446394152CADFC6BA73F4D21149", "858896131EA815FB74E9BDD335996EEADB31086755EBD223F4051866A0275C41", "86857E58370683CD6F1A7EFD8594D930D4071245BF08AD93E4E74F3BD64C8921", "86C605E3543D3B83BA0A25B4F9686B938438FDAB955B33BD0721D21AA9B6A946", "8843F7CE503D218A7104A239B8A08FB7C4002FAE68063C4FBC08A231C930164F", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A2F935DC3D0F2E173B8E4E2D35A15ED0CF4A2296381FDAEDD880D3DF62A3B87", "8A701D48F4091EA51049536F85130BE7D77B829160E8E35B5466F949D90A6C04", "8D964A6D85AB92A093A54D98B52835DA52D646F29F4FB8F77B0F37827E6FEFB1", "8E52B580FD40A2463235A900C053978088551052E8CED206AAA5FACA17727B55", "8EFB8A654D3536DD4481500A7680D75E0B2A04D2F63C829CAE130B12A35D7ED3", "8F7E9BC38CC1D5886DD8998C93E683C9367649830B463A9A5032011B60846A4C", "8FB0EF2BC912FEF8086EDA6A85F6EADBA8F6FD58431B3D97965CB05312955112", "916289CD5D9C8E5E33D7DE91CC4F8F7F5D561CF5D9EE0270AA10F98B4F8E11B1", "928B26714FC24270FC86337E21BBA3EB76F0E528762596275CC586405FE80B05", "941BE6546248546895E985D918A392B54ED0C65B26F1D77CFD98B3C980077115", "94E13AF146BBB1F07C8C15D84D0BA56926DB7F008F4C7E0D14A9D403A19C14B8", "96302C1466344A1E09AD9F8BD313E146404CBA442EC8A168D06F9F19721F34E8", "967AF0313531BD8CF81DC92E2E738F2495CD203B6C45CECCE9EA3C65C8D50675", "96AA6E96C459B552487D37879C1210BD7926BC641E7FD69543382941733FFB5F", "96B854658FB25B1C41C7953D07DFA40702863F7DF3DA2149F3BC57ED6B4B5CAA", "9740C6D788C18AEDC395271BE7D8BC1250A1DFEC3E97EA850467EC7128330AFB", "9D9A01E02514803E9E0E5DD88830752E1595E1F1CC50F35B26CA6DC44AE2E184", "A06C985E81BB1BB1AA90DFD4F5BA6E0FFAF51669D2A5D4D6AE0FBF98103633F4", "A0E132541F97F127BF3DABB601EC05883771B88A1D5AF81623DA70B88A6C446C", "A380C4CD3FFEF0D1AD28C9019320AF0085267A1FC55FD33D40E61A6A71DFDFF1", "A58C823EBA17BCA1EF2E03A022AD459615777F04304CD5155A2E49671A228600", "A8027975CD04187C329072482069EDA4C120BA42B61748874AB53CA265CE950D", "A866252B75E912D0B0730469904A7C2D30F443084DF2C8AC2265ED850925178B", "A8A1B567F944BADF2C3904883B086755440DF569158EEB6B0C8C2202276A6F6E", "A9B608450EE2B2505174F8F497D891A822A15EB84A1C302BA28DE13FA45B34D4", "AA22EFCACFD16355E687E8C078529B92CA82110199F1C005FEEA90AEFCF5126F", "AAE68AA2EFC385FF3EBD4382FB866664D480CC7F1DD4B169227644E77ADC4B20", "AAFF9E87667B35D62A52D77B8E5C3A000AE2419974F7C14545C23704BDDC171B", "ACF951883A0ED678D1734A49BCC0A109E5194A4C26097ED854BCC8C8D5D2FF97", "AD52780ADB1AA1A63A95666586BE3E3CBD0D8D672011DB568982D69F38937402", "AD8E660250C2C89BB2D58BF124515BD0BFFA5E94B9B8B65817709BA231BB81C4", "AE6D1B5FD790E4EB67811073CAA87734E8796D6A47CED4BA9A466C750931055B", "AEC0722767EA21CDE0F10129C001F976425E48E7F302D7C24108AFF251D12D6D", "AF3CBD718F3297D87FDA4616011F4CD425D9EBE3BB2880108811A5CAEF018EB6", "AFE19A054333AA295FD3827F2033517CC7AEB5612BF8DB73D513BF11446C18D6", "B0710CCD7EB89A5C49D6C1E3D822E60C1DA51A788060B7BC1A3E28F811AE5890", "B2E591E5ED5ABE4C60A5F4856AF04C0299F9839E9526D3F3660DADBBE5A36A24", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B569A853D72B998931834B4E507ABAC9BFD3A8D8EC956A6081EB37817B823603", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B62A0DF1BA325616E310706F59A3DD07DD7DC7356D343963E6F99C6D89411ED3", "B6D98686FB4CE3794F12AA810C56116765161F3CB64E9212B301423AF70BBA48", "B7B5A2F4EAC8C54D2F0C9FDCCC4CAA2137D3B197178381FE3F072B00002E30BB", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B8DC16D7984D0BBBA4C1AF32274D163BB6450605EB784C1C3FB1AA833F622DDD", "BA5FC59AD4CA540F948C75EA478904F8A2D0A949B970697DAED42B661E911F37", "BAFE1432B61D78F2B29438C3606D2D46643F4DA3DFC6DD0FB0C4962ECD44C150", "BB533902BA4EBB47C76135065C028B64E9AE235E3599722B647CCA07B04C8611", "BECC6F55C479899394C948B41D1583923FD81FCFF2601C2F611481DF3DC4A086", "BF02F346F8040935042888E37E57388C99CFE5C1481423006521CE138806F10B", "C1882EF0507C13F3B13D2F71439616E5B927333FFAF7FDCB93F807BC6BCDB22E", "C1F769D030FC2C40F30870B89602B6E37C63D9738974975088F5749826F8EED3", "C3B567818F0068A4E76BF412FA5CD0354D004804480FA49A2095407B12E1C65E", "C8BE73C4E7057D8E5549AED30F58BE7C02D764368946F222F073AD95FC7463AB", "C9DF9C64EA1901A4A73100734E733E276B2C17AF4A3093D142E5F13C918BC741", "C9ECB6A07E020B4F51B5A75CA641A4C9D5FF4604F410B4F4F79CC5B7C23A3A21", "CAFB095B3406AF2192C514E1DCBD9BDB8E1617F8C1D2D8B7AF74C17E99F59356", "CB8C3B738F38745C5B57C0DA3F05DADCF513EF6086091B71D291C2300F0DCD7D", "CCFECD3DB0FE27D3FFA94FA02DB02FA929F230E12AD62B226E45F86E49E553DA", "CD8418BB02EB6826E569D98384F70297E22D3E490B1DA1768CD8EEF2AA731E2A", "CFF78161323725A8FD12DF13E41FC085C16BC5DB4DD0560B538661E5E827574B", "D022529FE320A8F43D11C49701F88EA64C97C42B2D7C123E2D786C4D8DE81CA2", "D09ABF92F9241537F2411A406C8EBC7E6385C510450FCBD8E4BEA2A58ED1A1F8", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D44CA6EF8BD7019FA550CA0950704781857304C8E0CD782812D3165AFD1C6B39", "D519EDF621C43AA30CAE493215E1F07C4C139FE3A02526AFB3F745E25DECEA7B", "D66B903250F05C7E6F628063E46BB788B758ACF5470BDBDCE9A7DDCF98ED3362", "D69CAB0B695FDB3F4A13D03095C9000050A31CA1EEA0F9ED3CBD01DC6FA43F1A", "D6A44428CCED7D4414F45995089E4B50263CC2289068653B4C25B2BD80252892", "D7390B667F4610840B7DBEE48217CEDFF56BC7B9577E1551835932F49BE6F920", "D8364619CBEE24F5374C5900204720B8892538BCBAF940A1D49FD87DDBC8DCB2", "D9B0611A8528A63B8202AA688252759B26930DB9480FE7C48ABDCE8B48665B48", "DA1C836B75E42E2FB996F536143556E210EC992AA28EE772F420C8E630A9779F", "DB866DC8DC23646847AE5E9E25C02B2DF2A195A414B2734DCAA102E637957BAF", "DCC9649506788D084E3F04BBCEF6771A166E4FA63D4D9E7BB7918699340BFC39", "DD5BF5116E5741EB672335643731F4B54ACDBD92F34C019A128C14DD0EF87E44", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DFC186E0BC4C38FE63E8100B59AEA0B01E674D693A8B6BBFEFD8481F100D92D3", "E04F9DE1174EFB4A26CD756DF59E4C46606A4BD4063992B465E76804515C6833", "E05BB8F45DC047A2895F7AC85F4B8A9F55D22D985F0D4F65E95F3141873851DC", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E305911F48B8615A61C080463D2FB319AA8513550446D28BC525EFF4F078588F", "E472DE505C96419516AEFE62313E85E4E907BADF9E49C6E7E7D5A4719C5D4565", "E56D6671818C95A5F19AEF15A7AD87A26C3C7AC0AC041B6BA86DC7AE5D43AB6F", "E56E2B116EDD9B36BA0E0A6BEA7E46A462817EFD720A53E8AAFDF37AE51F6FF6", "E593E12AB7D6E26E07598ADF3963FAD201BAABDA173B0C2AE81C1AAB831FBC26", "E865AEC861081DF4FF67DBF0B04D3E134D71A5914681CD7C13E100D35E6CDBA7", "E92BF7B99962FB16CEF2791538750652168DC6B3E67B515B830DD2E9A7E83E17", "E9DA194448794AF1B23D93C4E29F91BF89DFB6B4B3FE0F10E5AC715596720FB9", "ED3F93879D9EA52ACA672D1FC614DA612590B9D39156C7569BA8BF51AA634A4F", "F06557E676BEE33840ABDCBC8B63800AEF257D21E96813D19608264A0DF5ED04", "F0F96C18862EEEEDF9301E76044A85FB84B53D1A833A5D765181DE02638E1E8A", "F10B278BFBFA868C361722B3DE18CDFFBEA415174A88751DEB4AB93FA4D5705C", "F15BA9EC0C1FC4624C7DDC90D046A7A3558B86CF13B121A8778B5BA8562491DC", "F2BA717220AF86DFDA34E3C889BE92B672CF072FD97A6D1C67429E982D684361", "F43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0", "F589C8EE8B85031A0437FA4B9B5223B171B8C93F2A8436F0B7911CEA6E3E4207", "F65F1D96E364841337F0770420AA39E180E57CF181628F15C7259D9D9A9E8BDD", "F6932FFA729B316CDBF1B06D2938B9D53FBCB3E73735DBB2B0ECB271EC493B76", "F740A49083E598F5C61454D5FE2852EC2DAF253C768CB7F35E6A3DC564290AB7", "F7F85D44BEE6A44B0586E02849974252490960F9CCBF5AE3FC1F1A4811329894", "F85FD0673B0A582E05FC6637434BB9C2F31E8D3595AAF3A28DEFC1CEBC9B8BF7", "F976E6D48149579C30755509014967F1B6A7163FEAAB9453EBE9572696C3DDDD", "F9ED99C3F4B2D868A3826BA34135EFCC7EF1978329C535488F23E6CF98DA913D", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108", "FCE59DFD42E59BD7167FAF3866E489EED4113CD69D8279859881BE9C677B99EE"]}, {"type": "kaspersky", "idList": ["KLA10070", "KLA10072", "KLA10630"]}, {"type": "mageia", "idList": ["MGASA-2013-0199", "MGASA-2013-0322", "MGASA-2013-0323", "MGASA-2014-0268", "MGASA-2014-0347", "MGASA-2014-0348", "MGASA-2014-0398", "MGASA-2014-0547", "MGASA-2014-0557", "MGASA-2015-0081"]}, {"type": "nessus", "idList": ["8831.PRM", "8934.PASL", "8935.PASL", "8936.PASL", "AIX_IJ44987.NASL", "AIX_IJ44994.NASL", "AIX_IJ45221.NASL", "AIX_IJ45224.NASL", "ALA_ALAS-2013-169.NASL", "ALA_ALAS-2013-235.NASL", "ALA_ALAS-2013-246.NASL", "ALA_ALAS-2014-410.NASL", "ALA_ALAS-2014-436.NASL", "ALA_ALAS-2015-525.NASL", "ALA_ALAS-2015-526.NASL", "ALA_ALAS-2015-527.NASL", "CENTOS_RHSA-2013-0270.NASL", "CENTOS_RHSA-2013-1447.NASL", "CENTOS_RHSA-2013-1451.NASL", "CENTOS_RHSA-2013-1505.NASL", "CENTOS_RHSA-2014-0865.NASL", "CENTOS_RHSA-2014-1011.NASL", "CENTOS_RHSA-2014-1034.NASL", "CENTOS_RHSA-2014-1038.NASL", "CENTOS_RHSA-2014-1146.NASL", "CENTOS_RHSA-2014-1166.NASL", "CENTOS_RHSA-2014-1319.NASL", "CENTOS_RHSA-2015-0983.NASL", "CENTOS_RHSA-2015-0991.NASL", "CLOUDBEES_SECURITY_ADVISORY_2021-10-06.NASL", "DEBIAN_DLA-2110.NASL", "DEBIAN_DLA-222.NASL", "DEBIAN_DLA-232.NASL", "DEBIAN_DSA-3447.NASL", "DEBIAN_DSA-3530.NASL", "DEBIAN_DSA-3552.NASL", "DOMINO_8_5_3FP5.NASL", "DOMINO_9_0_1.NASL", "DOMINO_9_0_1_FP1.NASL", "F5_BIGIP_SOL15426.NASL", "F5_BIGIP_SOL15428.NASL", "F5_BIGIP_SOL15429.NASL", "F5_BIGIP_SOL15432.NASL", "F5_BIGIP_SOL16344.NASL", "F5_BIGIP_SOL16872.NASL", "FEDORA_2013-1189.NASL", "FEDORA_2013-1203.NASL", "FEDORA_2013-1289.NASL", "FEDORA_2014-10617.NASL", "FEDORA_2014-10626.NASL", "FEDORA_2014-10649.NASL", "FEDORA_2014-16845.NASL", "FEDORA_2014-9539.NASL", "FEDORA_2014-9581.NASL", "FEDORA_2014-9617.NASL", "FEDORA_2014-9629.NASL", "FEDORA_2015-2109.NASL", "FEDORA_2016-D6C87EB4AF.NASL", "FREEBSD_PKG_81FC1076128611E4BEBD000C2980A9F3.NASL", "FREEBSD_PKG_9BAD457EB3964452877315BEC67E1CEB.NASL", "FREEBSD_PKG_AC18046C9B0811E68011005056925DB4.NASL", "GENTOO_GLSA-201406-32.NASL", "GENTOO_GLSA-201412-29.NASL", "GLASSFISH_CPU_JUL_2014.NASL", "IBM_STORWIZE_1_5_0_2.NASL", "JENKINS_2_315.NASL", "JENKINS_4_8_3.NASL", "JUNIPER_NSM_JSA10642.NASL", "LOTUS_DOMINO_8_5_3_FP5.NASL", "LOTUS_DOMINO_9_0_1.NASL", "LOTUS_DOMINO_9_0_1_FP1.NASL", "LOTUS_NOTES_8_5_3_FP5.NASL", "LOTUS_NOTES_9_0_1_FP1.NASL", "MACOSX_JAVA_10_6_UPDATE17.NASL", "MACOSX_JAVA_2013-005.NASL", "MACOSX_JAVA_2014-001.NASL", "MANDRIVA_MDVSA-2013-267.NASL", "MANDRIVA_MDVSA-2014-170.NASL", "MANDRIVA_MDVSA-2014-193.NASL", "MANDRIVA_MDVSA-2015-052.NASL", "MANDRIVA_MDVSA-2015-053.NASL", "MANDRIVA_MDVSA-2015-084.NASL", "OPENSUSE-2013-161.NASL", "OPENSUSE-2013-304.NASL", "OPENSUSE-2013-305.NASL", "OPENSUSE-2013-847.NASL", "OPENSUSE-2020-1873.NASL", "OPENSUSE-2020-1875.NASL", "ORACLELINUX_ELSA-2013-0270.NASL", "ORACLELINUX_ELSA-2013-1447.NASL", "ORACLELINUX_ELSA-2013-1451.NASL", "ORACLELINUX_ELSA-2013-1505.NASL", "ORACLELINUX_ELSA-2014-0827.NASL", "ORACLELINUX_ELSA-2014-0865.NASL", "ORACLELINUX_ELSA-2014-1011.NASL", "ORACLELINUX_ELSA-2014-1034.NASL", "ORACLELINUX_ELSA-2014-1038.NASL", "ORACLELINUX_ELSA-2014-1146.NASL", "ORACLELINUX_ELSA-2014-1166.NASL", "ORACLELINUX_ELSA-2014-1319.NASL", "ORACLELINUX_ELSA-2015-0983.NASL", "ORACLELINUX_ELSA-2015-0991.NASL", "ORACLE_EDQ_OCT_2014_CPU.NASL", "ORACLE_JAVA_CPU_OCT_2013.NASL", "ORACLE_JAVA_CPU_OCT_2013_UNIX.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL", "PHOTONOS_PHSA-2020-3_0-0141_COMMONS.NASL", "REDHAT-RHSA-2013-0270.NASL", "REDHAT-RHSA-2013-0680.NASL", "REDHAT-RHSA-2013-1059.NASL", "REDHAT-RHSA-2013-1060.NASL", "REDHAT-RHSA-2013-1081.NASL", "REDHAT-RHSA-2013-1440.NASL", "REDHAT-RHSA-2013-1447.NASL", "REDHAT-RHSA-2013-1451.NASL", "REDHAT-RHSA-2013-1505.NASL", "REDHAT-RHSA-2014-0224.NASL", "REDHAT-RHSA-2014-0414.NASL", "REDHAT-RHSA-2014-0798.NASL", "REDHAT-RHSA-2014-0799.NASL", "REDHAT-RHSA-2014-0827.NASL", "REDHAT-RHSA-2014-0834.NASL", "REDHAT-RHSA-2014-0835.NASL", "REDHAT-RHSA-2014-0843.NASL", "REDHAT-RHSA-2014-0865.NASL", "REDHAT-RHSA-2014-0883.NASL", "REDHAT-RHSA-2014-0885.NASL", "REDHAT-RHSA-2014-0898.NASL", "REDHAT-RHSA-2014-1011.NASL", "REDHAT-RHSA-2014-1019.NASL", "REDHAT-RHSA-2014-1020.NASL", "REDHAT-RHSA-2014-1034.NASL", "REDHAT-RHSA-2014-1038.NASL", "REDHAT-RHSA-2014-1040.NASL", "REDHAT-RHSA-2014-1087.NASL", "REDHAT-RHSA-2014-1088.NASL", "REDHAT-RHSA-2014-1098.NASL", "REDHAT-RHSA-2014-1146.NASL", "REDHAT-RHSA-2014-1162.NASL", "REDHAT-RHSA-2014-1166.NASL", "REDHAT-RHSA-2014-1319.NASL", "REDHAT-RHSA-2014-1320.NASL", "REDHAT-RHSA-2014-1321.NASL", "REDHAT-RHSA-2014-1818.NASL", "REDHAT-RHSA-2014-1821.NASL", "REDHAT-RHSA-2014-1822.NASL", "REDHAT-RHSA-2014-1833.NASL", "REDHAT-RHSA-2014-1834.NASL", "REDHAT-RHSA-2014-2019.NASL", "REDHAT-RHSA-2015-0158.NASL", "REDHAT-RHSA-2015-0983.NASL", "REDHAT-RHSA-2015-0991.NASL", "REDHAT-RHSA-2016-1773.NASL", "REDHAT-RHSA-2022-0055.NASL", "SL_20130219_JAKARTA_COMMONS_HTTPCLIENT_ON_SL5_X.NASL", "SL_20131021_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20131022_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20131105_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20140709_TOMCAT6_ON_SL6_X.NASL", "SL_20140811_TOMCAT6_ON_SL6_X.NASL", "SL_20140929_XERCES_J2_ON_SL6_X.NASL", "SL_20150512_TOMCAT6_ON_SL6_X.NASL", "SL_20150512_TOMCAT_ON_SL7_X.NASL", "SOLARIS11_TOMCAT_20140715.NASL", "SUSE_11_JAKARTA-COMMONS-HTTPCLIENT3-130328.NASL", "SUSE_11_JAVA-1_6_0-IBM-130723.NASL", "SUSE_11_JAVA-1_6_0-OPENJDK-131129.NASL", "SUSE_11_JAVA-1_7_0-IBM-130723.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-131104.NASL", "SUSE_11_TOMCAT6-201407-140706.NASL", "SUSE_JAVA-1_5_0-IBM-8653.NASL", "SUSE_JAVA-1_6_0-IBM-8657.NASL", "SUSE_SU-2013-1256-1.NASL", "SUSE_SU-2013-1669-1.NASL", "TOMCAT_6_0_41.NASL", "TOMCAT_6_0_42.NASL", "TOMCAT_7_0_53.NASL", "TOMCAT_7_0_54.NASL", "TOMCAT_7_0_55.NASL", "TOMCAT_8_0_5.NASL", "TOMCAT_8_0_8.NASL", "TOMCAT_8_0_9.NASL", "UBUNTU_USN-2033-1.NASL", "UBUNTU_USN-2089-1.NASL", "UBUNTU_USN-2302-1.NASL", "UBUNTU_USN-2654-1.NASL", "UBUNTU_USN-2655-1.NASL", "UBUNTU_USN-2769-1.NASL", "WEBSPHERE_6453091.NASL", "WEBSPHERE_711867.NASL", "WEBSPHERE_PORTAL_8_0_0_1_CF15.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106512", "OPENVAS:1361412562310112106", "OPENVAS:1361412562310112107", "OPENVAS:1361412562310120055", "OPENVAS:1361412562310120057", "OPENVAS:1361412562310120058", "OPENVAS:1361412562310120079", "OPENVAS:1361412562310120121", "OPENVAS:1361412562310120197", "OPENVAS:1361412562310120345", "OPENVAS:1361412562310120384", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310121315", "OPENVAS:1361412562310123119", "OPENVAS:1361412562310123120", "OPENVAS:1361412562310123297", "OPENVAS:1361412562310123318", "OPENVAS:1361412562310123321", "OPENVAS:1361412562310123334", "OPENVAS:1361412562310123338", "OPENVAS:1361412562310123344", "OPENVAS:1361412562310123361", "OPENVAS:1361412562310123384", "OPENVAS:1361412562310123534", "OPENVAS:1361412562310123546", "OPENVAS:1361412562310123549", "OPENVAS:1361412562310123724", "OPENVAS:1361412562310703447", "OPENVAS:1361412562310703530", "OPENVAS:1361412562310703552", "OPENVAS:1361412562310805018", "OPENVAS:1361412562310805019", "OPENVAS:1361412562310805474", "OPENVAS:1361412562310807566", "OPENVAS:1361412562310841636", "OPENVAS:1361412562310841692", "OPENVAS:1361412562310841921", "OPENVAS:1361412562310842260", "OPENVAS:1361412562310842262", "OPENVAS:1361412562310842488", "OPENVAS:1361412562310865277", "OPENVAS:1361412562310865280", "OPENVAS:1361412562310865298", "OPENVAS:1361412562310868129", "OPENVAS:1361412562310868132", "OPENVAS:1361412562310868154", "OPENVAS:1361412562310868159", "OPENVAS:1361412562310868205", "OPENVAS:1361412562310868207", "OPENVAS:1361412562310869037", "OPENVAS:1361412562310869294", "OPENVAS:1361412562310870917", "OPENVAS:1361412562310871057", "OPENVAS:1361412562310871060", "OPENVAS:1361412562310871062", "OPENVAS:1361412562310871196", "OPENVAS:1361412562310871200", "OPENVAS:1361412562310871217", "OPENVAS:1361412562310871223", "OPENVAS:1361412562310871225", "OPENVAS:1361412562310871237", "OPENVAS:1361412562310871238", "OPENVAS:1361412562310871252", "OPENVAS:1361412562310871367", "OPENVAS:1361412562310871368", "OPENVAS:1361412562310871985", "OPENVAS:1361412562310881604", "OPENVAS:1361412562310881806", "OPENVAS:1361412562310881814", "OPENVAS:1361412562310881819", "OPENVAS:1361412562310881822", "OPENVAS:1361412562310881960", "OPENVAS:1361412562310881986", "OPENVAS:1361412562310881999", "OPENVAS:1361412562310882000", "OPENVAS:1361412562310882002", "OPENVAS:1361412562310882010", "OPENVAS:1361412562310882014", "OPENVAS:1361412562310882020", "OPENVAS:1361412562310882043", "OPENVAS:1361412562310882045", "OPENVAS:1361412562310882179", "OPENVAS:1361412562310882188", "OPENVAS:1361412562310892110", "OPENVAS:703447", "OPENVAS:703530", "OPENVAS:703552", "OPENVAS:841636", "OPENVAS:841692", "OPENVAS:865277", "OPENVAS:865280", "OPENVAS:865298", "OPENVAS:870917", "OPENVAS:871057", "OPENVAS:871060", "OPENVAS:871062", "OPENVAS:881604", "OPENVAS:881806", "OPENVAS:881814", "OPENVAS:881819", "OPENVAS:881822"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2016", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2018", "ORACLE:CPUOCT2013-1899837", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0270", "ELSA-2013-1447", "ELSA-2013-1451", "ELSA-2013-1505", "ELSA-2014-0827", "ELSA-2014-0865", "ELSA-2014-1011", "ELSA-2014-1034", "ELSA-2014-1038", "ELSA-2014-1146", "ELSA-2014-1166", "ELSA-2014-1319", "ELSA-2015-0983", "ELSA-2015-0991", "ELSA-2017-2247"]}, {"type": "osv", "idList": ["OSV:DLA-2110-1", "OSV:DLA-222-1", "OSV:DLA-232-1", "OSV:DSA-3447-1", "OSV:DSA-3530-1", "OSV:DSA-3552-1", "OSV:GHSA-2C9Q-QWRC-F486", "OSV:GHSA-2X83-R56G-CV47", "OSV:GHSA-3832-9276-X7GF", "OSV:GHSA-3M3R-82GC-53MJ", "OSV:GHSA-42J3-498Q-M6VP", "OSV:GHSA-475F-74WP-PQV5", "OSV:GHSA-7J4H-8WPF-RQFH", "OSV:GHSA-CFH5-3GHH-WFJX", "OSV:GHSA-FQ9F-9WV9-RFMG", "OSV:GHSA-PJ45-8VHC-MH2F", "OSV:GHSA-PRC3-7F44-W48J", "OSV:GHSA-QJPQ-5PQ3-43RR", "OSV:GHSA-QPRX-Q2R7-3RX6", "OSV:GHSA-XH5X-J8JF-PCPX"]}, {"type": "photon", "idList": ["PHSA-2020-0141", "PHSA-2020-3.0-0141"]}, {"type": "redhat", "idList": ["RHSA-2013:0270", "RHSA-2013:0679", "RHSA-2013:0680", "RHSA-2013:0682", "RHSA-2013:1006", "RHSA-2013:1059", "RHSA-2013:1060", "RHSA-2013:1081", "RHSA-2013:1440", "RHSA-2013:1447", "RHSA-2013:1451", "RHSA-2013:1505", "RHSA-2013:1853", "RHSA-2014:0224", "RHSA-2014:0414", "RHSA-2014:0798", "RHSA-2014:0799", "RHSA-2014:0818", "RHSA-2014:0827", "RHSA-2014:0833", "RHSA-2014:0834", "RHSA-2014:0835", "RHSA-2014:0836", "RHSA-2014:0842", "RHSA-2014:0843", "RHSA-2014:0865", "RHSA-2014:0883", "RHSA-2014:0884", "RHSA-2014:0885", "RHSA-2014:0886", "RHSA-2014:0895", "RHSA-2014:0898", "RHSA-2014:1011", "RHSA-2014:1019", "RHSA-2014:1020", "RHSA-2014:1034", "RHSA-2014:1038", "RHSA-2014:1040", "RHSA-2014:1082", "RHSA-2014:1087", "RHSA-2014:1088", "RHSA-2014:1098", "RHSA-2014:1146", "RHSA-2014:1149", "RHSA-2014:1162", "RHSA-2014:1166", "RHSA-2014:1298", "RHSA-2014:1319", "RHSA-2014:1320", "RHSA-2014:1321", "RHSA-2014:1351", "RHSA-2014:1818", "RHSA-2014:1821", "RHSA-2014:1822", "RHSA-2014:1833", "RHSA-2014:1834", "RHSA-2014:1891", "RHSA-2014:1892", "RHSA-2014:1904", "RHSA-2014:2019", "RHSA-2015:0091", "RHSA-2015:0158", "RHSA-2015:0234", "RHSA-2015:0235", "RHSA-2015:0675", "RHSA-2015:0720", "RHSA-2015:0773", "RHSA-2015:0850", "RHSA-2015:0851", "RHSA-2015:0983", "RHSA-2015:0991", "RHSA-2015:1009", "RHSA-2015:1176", "RHSA-2015:1177", "RHSA-2015:1888", "RHSA-2016:1773", "RHSA-2016:1931", "RHSA-2017:0868", "RHSA-2022:0055", "RHSA-2022:0056", "RHSA-2022:1396", "RHSA-2023:0769"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000396", "RH:CVE-2017-1000402"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30752", "SECURITYVULNS:DOC:30754", "SECURITYVULNS:DOC:30756", "SECURITYVULNS:DOC:31006", "SECURITYVULNS:DOC:31186", "SECURITYVULNS:DOC:31228", "SECURITYVULNS:DOC:31745", "SECURITYVULNS:DOC:32573", "SECURITYVULNS:VULN:13423", "SECURITYVULNS:VULN:13783", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:13923", "SECURITYVULNS:VULN:14011", "SECURITYVULNS:VULN:14026", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14280", "SECURITYVULNS:VULN:14601"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1873-1", "OPENSUSE-SU-2020:1875-1", "SUSE-SU-2013:1255-1", "SUSE-SU-2013:1255-2", "SUSE-SU-2013:1255-3", "SUSE-SU-2013:1256-1", "SUSE-SU-2013:1257-1", "SUSE-SU-2013:1263-1", "SUSE-SU-2013:1263-2", "SUSE-SU-2013:1293-1", "SUSE-SU-2013:1305-1", "SUSE-SU-2013:1666-1", "SUSE-SU-2013:1669-1"]}, {"type": "symantec", "idList": ["SMNTC-1329"]}, {"type": "threatpost", "idList": ["THREATPOST:2CC2BD1F67B44EC21DA3B6C9FFFE676C"]}, {"type": "tomcat", "idList": ["TOMCAT:1F88AED82411526AE64D4E54A393CB51", "TOMCAT:565F6CBE456BA5297C9079BB2E38BCC5", "TOMCAT:6A4BFE59973660D515D03A0117A1C709", "TOMCAT:78606D52CD7CECE336FC03BEC8BAFD03", "TOMCAT:7F7A3E46EFAC8D1C471A3C1CB35948A4", "TOMCAT:AC89226F467ACA1B5EE7147D39391784", "TOMCAT:EA4ED950D02D1F036AB2297B7E4A7048", "TOMCAT:F487A67EC81D506C39393DA2E9CF2F97"]}, {"type": "ubuntu", "idList": ["USN-2033-1", "USN-2089-1", "USN-2302-1", "USN-2654-1", "USN-2655-1", "USN-2769-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5783", "UB:CVE-2012-6153", "UB:CVE-2013-4002", "UB:CVE-2013-5855", "UB:CVE-2014-0075", "UB:CVE-2014-0096", "UB:CVE-2014-0099", "UB:CVE-2014-0119", "UB:CVE-2014-0193", "UB:CVE-2014-0227", "UB:CVE-2014-3481", "UB:CVE-2014-3577", "UB:CVE-2017-1000396"]}, {"type": "veracode", "idList": ["VERACODE:11013", "VERACODE:11049", "VERACODE:11070", "VERACODE:11238", "VERACODE:11290", "VERACODE:11353", "VERACODE:11492", "VERACODE:11682", "VERACODE:15359", "VERACODE:3837", "VERACODE:3860", "VERACODE:5255"]}]}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2013-169", "ALAS-2014-436"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-37991"]}, {"type": "centos", "idList": ["CESA-2013:0270", "CESA-2013:1447", "CESA-2013:1451", "CESA-2013:1505", "CESA-2014:0865", "CESA-2014:1011", "CESA-2014:1034", "CESA-2014:1038", "CESA-2014:1146", "CESA-2014:1166", "CESA-2014:1319", "CESA-2015:0983", "CESA-2015:0991"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2013-2454", "CPAI-2014-1901"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:390173E5A22BDA87FAB841184E06944D"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2012-6153"]}, {"type": "debian", "idList": ["DEBIAN:DLA-232-1:8CB78", "DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3530-1:6A530"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5783", "DEBIANCVE:CVE-2014-0193", "DEBIANCVE:CVE-2014-0227"]}, {"type": "f5", "idList": ["SOL15426", "SOL15428", "SOL15429", "SOL15432", "SOL15737", "SOL15741", "SOL16344", "SOL16872"]}, {"type": "fedora", "idList": ["FEDORA:0E00C6090BD2", "FEDORA:25A9A23A22"]}, {"type": "freebsd", "idList": ["81FC1076-1286-11E4-BEBD-000C2980A9F3"]}, {"type": "gentoo", "idList": ["GLSA-201412-29"]}, {"type": "github", "idList": ["GHSA-CFH5-3GHH-WFJX"]}, {"type": "ibm", "idList": ["37E84D76257762D12F144C420A6FA36A16C6055B49D7AE073144BE16FFF7F0A0", "4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274", "4EA16C484A11E833B1DEB803D6ABABC8ED4970EE9E61B2165CE99AF8625D8A2C", "539FD5A344951CB3146EC1C6256AC3A91344217924BD86DB5242BF2BD9D82C91", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108"]}, {"type": "kaspersky", "idList": ["KLA10070"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/JBOSS_ENTERPRISE_APPLICATION_PLATFORM-CVE-2014-3530/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2013-246.NASL", "DEBIAN_DLA-222.NASL", "DEBIAN_DLA-232.NASL", "FEDORA_2013-1203.NASL", "FEDORA_2014-16845.NASL", "FEDORA_2016-D6C87EB4AF.NASL", "FREEBSD_PKG_9BAD457EB3964452877315BEC67E1CEB.NASL", "GENTOO_GLSA-201412-29.NASL", "JUNIPER_NSM_JSA10642.NASL", "LOTUS_DOMINO_9_0_1_FP1.NASL", "MANDRIVA_MDVSA-2014-170.NASL", "MANDRIVA_MDVSA-2015-052.NASL", "ORACLELINUX_ELSA-2013-0270.NASL", "REDHAT-RHSA-2013-0270.NASL", "REDHAT-RHSA-2013-0680.NASL", "REDHAT-RHSA-2013-1059.NASL", "REDHAT-RHSA-2014-0865.NASL", "REDHAT-RHSA-2014-1040.NASL", "SL_20140929_XERCES_J2_ON_SL6_X.NASL", "SL_20150512_TOMCAT_ON_SL7_X.NASL", "UBUNTU_USN-2033-1.NASL", "UBUNTU_USN-2089-1.NASL", "UBUNTU_USN-2654-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106512", "OPENVAS:1361412562310123297", "OPENVAS:1361412562310123338", "OPENVAS:1361412562310123361", "OPENVAS:1361412562310123534", "OPENVAS:1361412562310865277", "OPENVAS:1361412562310868154", "OPENVAS:1361412562310870917", "OPENVAS:1361412562310871217", "OPENVAS:1361412562310882043", "OPENVAS:865277"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1011", "ELSA-2014-1034"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0141"]}, {"type": "redhat", "idList": ["RHSA-2013:1451", "RHSA-2013:1853", "RHSA-2014:0799", "RHSA-2014:0833", "RHSA-2014:0834", "RHSA-2014:0836", "RHSA-2014:0884", "RHSA-2014:0898", "RHSA-2014:1822", "RHSA-2015:0158"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000396"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31228"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1873-1", "OPENSUSE-SU-2020:1875-1", "SUSE-SU-2013:1255-2", "SUSE-SU-2013:1257-1"]}, {"type": "threatpost", "idList": ["THREATPOST:2CC2BD1F67B44EC21DA3B6C9FFFE676C"]}, {"type": "tomcat", "idList": ["TOMCAT:AC89226F467ACA1B5EE7147D39391784"]}, {"type": "ubuntu", "idList": ["USN-2033-1", "USN-2302-1", "USN-2769-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5783", "UB:CVE-2014-0096", "UB:CVE-2014-0193", "UB:CVE-2014-0227"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2012-5783", "epss": 0.00238, "percentile": 0.60365, "modified": "2023-05-07"}, {"cve": "CVE-2012-6153", "epss": 0.00154, "percentile": 0.50321, "modified": "2023-05-07"}, {"cve": "CVE-2013-4002", "epss": 0.01104, "percentile": 0.82306, "modified": "2023-05-08"}, {"cve": "CVE-2013-5855", "epss": 0.00421, "percentile": 0.70374, "modified": "2023-05-08"}, {"cve": "CVE-2014-0075", "epss": 0.02945, "percentile": 0.89336, "modified": "2023-05-07"}, {"cve": "CVE-2014-0096", "epss": 0.00129, "percentile": 0.46223, "modified": "2023-05-07"}, {"cve": "CVE-2014-0099", "epss": 0.0041, "percentile": 0.7006, "modified": "2023-05-07"}, {"cve": "CVE-2014-0119", "epss": 0.00169, "percentile": 0.52361, "modified": "2023-05-07"}, {"cve": "CVE-2014-0193", "epss": 0.06425, "percentile": 0.92591, "modified": "2023-05-07"}, {"cve": "CVE-2014-0227", "epss": 0.95368, "percentile": 0.98986, "modified": "2023-05-07"}, {"cve": "CVE-2014-3481", "epss": 0.00759, "percentile": 0.78485, "modified": "2023-05-07"}, {"cve": "CVE-2014-3490", "epss": 0.01322, "percentile": 0.8395, "modified": "2023-05-07"}, {"cve": "CVE-2014-3530", "epss": 0.00963, "percentile": 0.81031, "modified": "2023-05-07"}, {"cve": "CVE-2014-3577", "epss": 0.0032, "percentile": 0.66093, "modified": "2023-05-07"}], "vulnersScore": 7.4}, "_state": {"dependencies": 1685096934, "score": 1698837755, "epss": 0}, "_internal": {"score_hash": "ebd4a87ed76f15126961727e69bcf036"}, "affectedPackage": [], "vendorCvss": {"severity": "important"}}

{"redhat": [{"lastseen": "2023-05-26T10:21:29", "description": "Red Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse\nService Works 6.0.0. It includes various bug fixes, which are listed in the\nREADME file included with the patch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3481 jboss-as-jaxrs: JBoss AS JAX-RS: Information disclosure via\nXML eXternal Entity (XXE)\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue; CA Technologies for reporting the CVE-2014-3472\nissue; and Alexander Papadakis for reporting the CVE-2014-3530 issue. The\nCVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product\nSecurity; the CVE-2014-0005 issue was discovered by Josef Cacek of the Red\nHat JBoss EAP Quality Engineering team; the CVE-2014-3481 issue was\ndiscovered by the Red Hat JBoss Enterprise Application Platform QE team;\nand the CVE-2014-0075 and CVE-2014-3490 issues were discovered by David\nJorm of Red Hat Product Security.\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "cvss3": {}, "published": "2015-03-24T20:57:38", "type": "redhat", "title": "(RHSA-2015:0720) Important: Red Hat JBoss Fuse Service Works 6.0.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0005", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3472", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3558", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3625"], "modified": "2019-02-20T12:23:57", "id": "RHSA-2015:0720", "href": "https://access.redhat.com/errata/RHSA-2015:0720", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:29", "description": "Red Hat JBoss Data Virtualization is a lean data integration solution that\nprovides easy, real-time, and unified data access across disparate sources\nto multiple applications and users. JBoss Data Virtualization makes data\nspread across physically distinct systems\u2014such as multiple databases, XML\nfiles, and even Hadoop systems\u2014appear as a set of tables in a local\ndatabase.\n\nThe release of Red Hat JBoss Data Virtualization 6.1.0 serves as a\nreplacement for Red Hat JBoss Data Virtualization 6.0.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname\nverification bypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 Xerces-J2 OpenJDK: XML parsing Denial of Service (JAXP,\n8017298)\n\nCVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature\nDoS Attack\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0059 JBossSX/PicketBox: World readable audit.log file\n\nCVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content\nlength header\n\nCVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal\nEntity (XXE)\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3623 Apache WSS4J / Apache CXF: Improper security semantics\nenforcement of SAML SubjectConfirmation methods\n\nCVE-2014-7839 RESTeasy: External entities expanded by DocumentProvider\n\nCVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread\nstate\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, Alexander Papadakis for reporting CVE-2014-3530, and Rune\nSteinseth of JProfessionals for reporting CVE-2014-8122. The CVE-2012-6153\nissue was discovered by Florian Weimer of Red Hat Product Security, the\nCVE-2014-0075 and CVE-2014-3490 issues were discovered by David Jorm of Red\nHat Product Security, and the CVE-2014-3481 issue was discovered by the Red\nHat JBoss Enterprise Application Platform QE team.\n\nAll users of Red Hat JBoss Data Virtualization 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "cvss3": {}, "published": "2015-03-11T16:43:55", "type": "redhat", "title": "(RHSA-2015:0675) Important: Red Hat JBoss Data Virtualization 6.1.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-4517", "CVE-2013-5855", "CVE-2014-0059", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3623", "CVE-2014-7839", "CVE-2014-8122"], "modified": "2019-02-20T12:19:46", "id": "RHSA-2015:0675", "href": "https://access.redhat.com/errata/RHSA-2015:0675", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:29", "description": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM\nSuite 6.0.3, and includes bug fixes and enhancements. It includes various\nbug fixes, which are listed in the README file included with the patch\nfiles.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3682 jbpm-designer: XXE in BPMN2 import\n\nCVE-2014-8114 UberFire: Information disclosure and RCE via insecure file\nupload/download servlets\n\nCVE-2014-8115 KIE Workbench: Insufficient authorization constraints\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue, CA Technologies for reporting the CVE-2014-3472 issue,\nAlexander Papadakis for reporting the CVE-2014-3530 issue, and David Jorm\nfor reporting the CVE-2014-8114 and CVE-2014-8115 issues. The CVE-2012-6153\nissue was discovered by Florian Weimer of Red Hat Product Security; the\nCVE-2014-0005 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team; the CVE-2014-0075, CVE-2014-3490, and\nCVE-2014-3682 issues were discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat\nCustomer Portal are advised to apply this roll up patch.", "cvss3": {}, "published": "2015-02-17T22:21:04", "type": "redhat", "title": "(RHSA-2015:0234) Important: Red Hat JBoss BPM Suite 6.0.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0005", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3472", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3558", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3625", "CVE-2014-3682", "CVE-2014-8114", "CVE-2014-8115"], "modified": "2019-02-20T12:19:22", "id": "RHSA-2015:0234", "href": "https://access.redhat.com/errata/RHSA-2015:0234", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-07T14:40:34", "type": "redhat", "title": "(RHSA-2014:0842) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2019-02-20T12:16:53", "id": "RHSA-2014:0842", "href": "https://access.redhat.com/errata/RHSA-2014:0842", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:29", "description": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss\nRules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n6.0.3, and includes bug fixes and enhancements. It includes various bug\nfixes, which are listed in the README file included with the patch files.\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-5783 fix\n\nCVE-2014-3577 Apache HttpComponents client: SSL hostname verification\nbypass, incomplete CVE-2012-6153 fix\n\nCVE-2013-4002 xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service\n(JAXP, 8017298)\n\nCVE-2013-5855 Mojarra JSF: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2014-0005 security: PicketBox/JBossSX: Unauthorized access to and\nmodification of application server configuration and state by application\n\nCVE-2014-0075 jbossweb: tomcat: Limited DoS in chunked transfer encoding\ninput filter\n\nCVE-2014-0096 jbossweb: Apache Tomcat: XXE vulnerability via user supplied\nXSLTs\n\nCVE-2014-0099 jbossweb: Apache Tomcat: Request smuggling via malicious\ncontent length header\n\nCVE-2014-0119 jbossweb: Apache Tomcat 6: XML parser hijack by malicious web\napplication\n\nCVE-2014-0193 netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter\n\nCVE-2014-3472 jboss-as-controller: JBoss AS Security: Invalid EJB caller\nrole check implementation\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3558 hibernate-validator: Hibernate Validator: JSM bypass via\nReflectionHelper\n\nCVE-2014-3578 spring: Spring Framework: Directory traversal\n\nCVE-2014-3625 spring: Spring Framework: directory traversal flaw\n\nCVE-2014-3682 jbpm-designer: XXE in BPMN2 import\n\nCVE-2014-8114 UberFire: Information disclosure and RCE via insecure file\nupload/download servlets\n\nCVE-2014-8115 KIE Workbench: Insufficient authorization constraints\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue; CA Technologies for reporting the CVE-2014-3472 issue;\nAlexander Papadakis for reporting the CVE-2014-3530 issue; and David Jorm\nfor reporting the CVE-2014-8114 and CVE-2014-8115 issues. The CVE-2012-6153\nissue was discovered by Florian Weimer of Red Hat Product Security; the\nCVE-2014-0005 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team; and the CVE-2014-0075, CVE-2014-3490, and\nCVE-2014-3682 issues were discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss BRMS 6.0.3 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", "cvss3": {}, "published": "2015-02-17T22:22:40", "type": "redhat", "title": "(RHSA-2015:0235) Important: Red Hat JBoss BRMS 6.0.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-4002", "CVE-2013-5855", "CVE-2014-0005", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-3472", "CVE-2014-3490", "CVE-2014-3530", "CVE-2014-3558", "CVE-2014-3577", "CVE-2014-3578", "CVE-2014-3625", "CVE-2014-3682", "CVE-2014-8114", "CVE-2014-8115"], "modified": "2019-02-20T12:19:25", "id": "RHSA-2015:0235", "href": "https://access.redhat.com/errata/RHSA-2015:0235", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "cvss3": {}, "published": "2014-07-07T00:00:00", "type": "redhat", "title": "(RHSA-2014:0843) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-06T22:39:06", "id": "RHSA-2014:0843", "href": "https://access.redhat.com/errata/RHSA-2014:0843", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications, which integrates the JBoss Application Server with JBoss\nHibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added\nto check that the server host name matches the domain name in a subject's\nCommon Name (CN) field in X.509 certificates was flawed.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from\nan X.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to take\neffect.\n", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "redhat", "title": "(RHSA-2014:1321) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-06T22:37:45", "id": "RHSA-2014:1321", "href": "https://access.redhat.com/errata/RHSA-2014:1321", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Operations Network is a middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.0 release serves as a replacement for\nJBoss Operations Network 3.2.3, and includes several bug fixes. Refer to\nthe JBoss Operations Network 3.3.0 Release Notes for information on the\nmost significant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/documentation/en-US/\n\nThe following security issues are also fixed with this release:\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added\nto check that the server host name matches the domain name in a subject's\nCommon Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nIt was found that the default context parameters as provided to RESTEasy\ndeployments by JBoss EAP did not explicitly disable external entity\nexpansion for RESTEasy. A remote attacker could use this flaw to perform\nXML External Entity (XXE) attacks on RESTEasy applications accepting XML\ninput. (CVE-2014-3481)\n\nIt was found that the fix for CVE-2012-0818 was incomplete: external\nparameter entities were not disabled when the\nresteasy.document.expand.entity.references parameter was set to false.\nA remote attacker able to send XML requests to a RESTEasy endpoint could\nuse this flaw to read files accessible to the user running the application\nserver, and potentially perform other more advanced XXE attacks.\n(CVE-2014-3490)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nIt was found that the security auditing functionality provided by PicketBox\nand JBossSX, both security frameworks for Java applications, used a\nworld-readable audit.log file to record sensitive information. A local user\ncould possibly use this flaw to gain access to the sensitive information in\nthe audit.log file. (CVE-2014-0059)\n\nThe CVE-2013-2035 and CVE-2012-6153 issues were discovered by Florian\nWeimer of Red Hat Product Security. The CVE-2014-3481 issue was discovered\nby the Red Hat JBoss Enterprise Application Platform QE team. The\nCVE-2014-3490 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of JBoss Operations Network 3.2.3 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.3.0.", "cvss3": {}, "published": "2014-11-25T16:45:01", "type": "redhat", "title": "(RHSA-2014:1904) Important: Red Hat JBoss Operations Network 3.3.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0818", "CVE-2012-5783", "CVE-2012-6153", "CVE-2013-2035", "CVE-2014-0059", "CVE-2014-0227", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3577"], "modified": "2019-02-20T12:18:40", "id": "RHSA-2014:1904", "href": "https://access.redhat.com/errata/RHSA-2014:1904", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Web Platform is a platform for Java applications,\nwhich integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added\nto check that the server host name matches the domain name in a subject's\nCommon Name (CN) field in X.509 certificates was flawed.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from\nan X.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to take\neffect.\n", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "redhat", "title": "(RHSA-2014:1320) Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2014:1320", "href": "https://access.redhat.com/errata/RHSA-2014:1320", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added\nto check that the server host name matches the domain name in a subject's\nCommon Name (CN) field in X.509 certificates was flawed.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from\nan X.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.0 on Red Hat\nEnterprise Linux 5, 6, and 7 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\n", "cvss3": {}, "published": "2014-09-04T00:00:00", "type": "redhat", "title": "(RHSA-2014:1162) Important: Red Hat JBoss Enterprise Application Platform 6.3.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-06T22:39:08", "id": "RHSA-2014:1162", "href": "https://access.redhat.com/errata/RHSA-2014:1162", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat7 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect.", "cvss3": {}, "published": "2014-07-03T16:53:41", "type": "redhat", "title": "(RHSA-2014:0835) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2018-08-09T15:46:59", "id": "RHSA-2014:0835", "href": "https://access.redhat.com/errata/RHSA-2014:0835", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-03T16:52:09", "type": "redhat", "title": "(RHSA-2014:0833) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2019-02-20T12:16:32", "id": "RHSA-2014:0833", "href": "https://access.redhat.com/errata/RHSA-2014:0833", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.2.1. It includes various bug fixes and\nenhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0\nRelease Notes. The Release Notes will be available shortly from\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issues:\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the security audit functionality, provided by Red Hat\nJBoss Data Grid, logged request parameters in plain text. This may have\ncaused passwords to be included in the audit log files when using BASIC or\nFORM-based authentication. A local attacker with access to audit log files\ncould possibly use this flaw to obtain application or server authentication\ncredentials. Refer to the Solution section of this advisory for additional\ninformation on the fix for this issue. (CVE-2014-0058)\n\nIt was found that the security auditing functionality provided by PicketBox\nand JBossSX, both security frameworks for Java applications, used a\nworld-readable audit.log file to record sensitive information. A local user\ncould possibly use this flaw to gain access to the sensitive information in\nthe audit.log file. (CVE-2014-0059)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Data Grid 6.2.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.0.", "cvss3": {}, "published": "2014-07-16T17:02:12", "type": "redhat", "title": "(RHSA-2014:0895) Moderate: Red Hat JBoss Data Grid 6.3.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0058", "CVE-2014-0059", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-3481"], "modified": "2019-02-20T12:17:15", "id": "RHSA-2014:0895", "href": "https://access.redhat.com/errata/RHSA-2014:0895", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "cvss3": {}, "published": "2014-07-02T00:00:00", "type": "redhat", "title": "(RHSA-2014:0827) Moderate: tomcat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2018-04-11T23:33:28", "id": "RHSA-2014:0827", "href": "https://access.redhat.com/errata/RHSA-2014:0827", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nThis update also fixes the following bug:\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a\ndependency of Red Hat JBoss Web Server 2.0.1, included a build of\ncommons-dbcp.jar that used an incorrect java package name, causing\napplications using this dependency to not function properly. With this\nupdate, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these\nupdated tomcat6 packages, which contain backported patches to correct these\nissues. The Red Hat JBoss Web Server process must be restarted for the\nupdate to take effect.", "cvss3": {}, "published": "2014-07-03T16:52:45", "type": "redhat", "title": "(RHSA-2014:0834) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2018-08-09T15:46:59", "id": "RHSA-2014:0834", "href": "https://access.redhat.com/errata/RHSA-2014:0834", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Web Server 2.0.1 as provided from the Red Hat\nCustomer Portal are advised to apply this update. The Red Hat JBoss Web\nServer process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-03T16:54:26", "type": "redhat", "title": "(RHSA-2014:0836) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2019-02-20T12:16:32", "id": "RHSA-2014:0836", "href": "https://access.redhat.com/errata/RHSA-2014:0836", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:35", "description": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on\nInfinispan.\n\nThis release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for\nRed Hat JBoss Data Grid 6.3.1. It includes various bug fixes and\nenhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0\nRelease Notes. The Release Notes are available at:\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/\n\nThis update also fixes the following security issue:\n\nIt was found that the implementation of the\norg.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method\nprovided a DocumentBuilderFactory that would expand entity references.\nA remote, unauthenticated attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2014-3530)\n\nRed Hat would like to thank Alexander Papadakis for reporting\nCVE-2014-3530.\n\nAll users of Red Hat JBoss Data Grid 6.3.1 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.4.0.", "cvss3": {}, "published": "2015-01-27T16:16:17", "type": "redhat", "title": "(RHSA-2015:0091) Important: Red Hat JBoss Data Grid 6.4.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0227", "CVE-2014-3530"], "modified": "2019-02-20T12:19:03", "id": "RHSA-2015:0091", "href": "https://access.redhat.com/errata/RHSA-2015:0091", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Web Platform is a platform for Java applications,\nwhich integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name from\nan X.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\n", "cvss3": {}, "published": "2014-11-10T00:00:00", "type": "redhat", "title": "(RHSA-2014:1833) Important: Red Hat JBoss Enterprise Web Platform 5.2.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-06T22:39:14", "id": "RHSA-2014:1833", "href": "https://access.redhat.com/errata/RHSA-2014:1833", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS\n6.0.3, and includes bug fixes and enhancements. It includes various bug\nfixes, which are listed in the README file included with the patch files.\n\nThe following security issues are fixed with this release:\n\nIt was discovered that Jakarta Commons HttpClient incorrectly extracted the\nhost name from an X.509 certificate subject's Common Name (CN) field.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss BRMS 6.0.3 as provided from the Red Hat Customer\nPortal are advised to apply this roll up patch.", "cvss3": {}, "published": "2014-11-24T20:43:48", "type": "redhat", "title": "(RHSA-2014:1891) Important: Red Hat JBoss BRMS 6.0.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2019-02-20T12:18:20", "id": "RHSA-2014:1891", "href": "https://access.redhat.com/errata/RHSA-2014:1891", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications, which integrates the JBoss Application Server with JBoss\nHibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name from\nan X.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to take\neffect.\n", "cvss3": {}, "published": "2014-11-10T00:00:00", "type": "redhat", "title": "(RHSA-2014:1834) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-06T22:37:43", "id": "RHSA-2014:1834", "href": "https://access.redhat.com/errata/RHSA-2014:1834", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM\nSuite 6.0.3, and includes bug fixes and enhancements. It includes various\nbug fixes, which are listed in the README file included with the\npatch files.\n\nThe following security issues are fixed with this release:\n\nIt was discovered that Jakarta Commons HttpClient incorrectly extracted the\nhost name from an X.509 certificate subject's Common Name (CN) field.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat\nCustomer Portal are advised to apply this roll up patch.", "cvss3": {}, "published": "2014-11-24T20:44:18", "type": "redhat", "title": "(RHSA-2014:1892) Important: Red Hat JBoss BPM Suite 6.0.3 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2019-02-20T12:18:42", "id": "RHSA-2014:1892", "href": "https://access.redhat.com/errata/RHSA-2014:1892", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-10-20T10:38:44", "description": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.2.1 and Red Hat JBoss A-MQ 6.2.1. It includes several bug fixes, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was found that the fix for CVE-2012-6153 was incomplete: the code\nadded to check that the server hostname matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server using\na specially crafted X.509 certificate. (CVE-2014-3577)\n\nRefer to the readme.txt file included with the patch files for installation instructions.", "cvss3": {}, "published": "2016-09-23T20:29:27", "type": "redhat", "title": "(RHSA-2016:1931) Important: Red Hat JBoss Fuse/A-MQ 6.2.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2019-02-20T12:28:34", "id": "RHSA-2016:1931", "href": "https://access.redhat.com/errata/RHSA-2016:1931", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot\nJava Virtual Machine (JVM) with support for monitoring multiple\nJVM instances.\n\nThe httpcomponents-client package provides an HTTP agent implementation\nthat is used by Thermostat to visualize collected data in an HTTP-aware\nclient application.\n\nIt was found that the fix for CVE-2012-6153 was incomplete: the code added\nto check that the server hostname matches the domain name in a subject's\nCommon Name (CN) field in X.509 certificates was flawed.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2014-3577)\n\nFor additional information on this flaw, refer to the Knowledgebase\narticle in the References section.\n\nAll thermostat1-httpcomponents-client users are advised to upgrade to these\nupdated packages, which contain a backported patch to correct this issue.\n", "cvss3": {}, "published": "2014-08-20T00:00:00", "type": "redhat", "title": "(RHSA-2014:1082) Important: thermostat1-httpcomponents-client security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-12T21:28:26", "id": "RHSA-2014:1082", "href": "https://access.redhat.com/errata/RHSA-2014:1082", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat JBoss Operations Network is a middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.2.3 release serves as a replacement for\nJBoss Operations Network 3.2.2, and includes several bug fixes. Refer to\nthe JBoss Operations Network 3.2.3 Release Notes for information on the\nmost significant of these changes. The Release Notes will be available\nshortly from https://access.redhat.com/documentation/en-US/\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of JBoss Operations Network 3.2.2 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.2.3.", "cvss3": {}, "published": "2014-09-03T18:03:14", "type": "redhat", "title": "(RHSA-2014:1149) Moderate: Red Hat JBoss Operations Network 3.2.3 update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2019-02-20T12:17:15", "id": "RHSA-2014:1149", "href": "https://access.redhat.com/errata/RHSA-2014:1149", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could use\nthis flaw to perform a denial of service attack against Tomcat by streaming\nan unlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a Tomcat server located\nbehind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use this\nto circumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nThis update also fixes the following bugs:\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code.\nThis update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer headers\nfor chunked requests. This update fixes the check and the aforementioned\nexception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Tomcat must be\nrestarted for this update to take effect.\n", "cvss3": {}, "published": "2014-07-09T00:00:00", "type": "redhat", "title": "(RHSA-2014:0865) Moderate: tomcat6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2018-06-06T16:24:29", "id": "RHSA-2014:0865", "href": "https://access.redhat.com/errata/RHSA-2014:0865", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:35", "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that the Apache CXF incorrectly extracted the host name\nfrom an X.509 certificate subject's Common Name (CN) field.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nIt was found that Apache WSS4J (Web Services Security for Java), as used by\nApache CXF with the TransportBinding, did not, by default, properly enforce\nall security requirements associated with SAML SubjectConfirmation methods.\nA remote attacker could use this flaw to perform various types of spoofing\nattacks on web service endpoints secured by WSS4j that rely on SAML for\nauthentication. (CVE-2014-3623)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.2 on Red\nHat Enterprise Linux 5, 6, and 7 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\n", "cvss3": {}, "published": "2014-12-18T00:00:00", "type": "redhat", "title": "(RHSA-2014:2019) Important: Red Hat JBoss Enterprise Application Platform 6.3.2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2014-3623"], "modified": "2018-06-06T22:41:56", "id": "RHSA-2014:2019", "href": "https://access.redhat.com/errata/RHSA-2014:2019", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:29", "description": "This release of Red Hat JBoss Portal 6.2.0 serves as a replacement for\nRed Hat JBoss BPM Suite 6.1.1, and includes bug fixes and enhancements.\nRefer to the Red Hat JBoss BPM Suite 6.2.0 Release Notes for information on\nthe most significant of these changes. The Release Notes are available at\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Portal/\n\nThe following security issues are also fixed with this release,\ndescriptions of which can be found on the respective CVE pages linked in\nthe References section.\n\nCVE-2012-6153 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass\n\nCVE-2013-1624 bouncycastle: TLS CBC padding timing attack\n\nCVE-2013-2133 JBoss WS: EJB3 role restrictions are not applied to jaxws\nhandlers\n\nCVE-2013-4286 JBossWeb: multiple content-length header poisoning flaws\n\nCVE-2013-5855 Mojarra JSF2: XSS due to insufficient escaping of\nuser-supplied content in outputText tags and EL expressions\n\nCVE-2013-7285 XStream: remote code execution due to insecure XML\ndeserialization\n\nCVE-2014-0005 PicketBox/JBossSX: Security domain authentication\nconfiguration modifiable by application\n\nCVE-2014-0018 JBoss AS Server: Unchecked access to MSC Service Registry\nunder JSM\n\nCVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid\nSAML Tokens as valid\n\nCVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a\nSymmetric EncryptBeforeSigning policy\n\nCVE-2014-0050 JBossWeb: denial of service due to too-small buffer size used\nbt MultipartStream\n\nCVE-2014-0058 Red Hat JBoss EAP 6: Plain text password logging\n\nCVE-2014-0059 PicketBox/JBossSX: World readable audit.log file\n\nCVE-2014-0075 JBossWeb: Limited DoS in chunked transfer encoding input\nfilter\n\nCVE-2014-0086 JBoss RichFaces: remote denial of service via memory\nexhaustion\n\nCVE-2014-0093 Red Hat JBoss EAP 6: JSM policy not respected by deployed\napplications\n\nCVE-2014-0096 JBossWeb: XXE vulnerability via user supplied XSLTs\n\nCVE-2014-0099 JBossWeb: Request smuggling via malicious content length\nheader\n\nCVE-2014-0107 Xalan-Java: insufficient constraints in secure processing\nfeature (oCERT-2014-002)\n\nCVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause\nOOM errors\n\nCVE-2014-0110 Apache CXF: Large invalid content fills temporary space\n\nCVE-2014-0119 JBossWeb: XML parser hijack by malicious web application\n\nCVE-2014-0193 Netty: DoS via memory exhaustion during data aggregation\n\nCVE-2014-0227 JBossWeb: Limited DoS in chunked transfer encoding input\nfilter\n\nCVE-2014-0245 GateIn WSRP: Information disclosure via unsafe concurrency\nhandling in interceptor\n\nCVE-2014-3472 JBoss AS Controller: Invalid EJB caller role check\n\nCVE-2014-3481 JBoss AS JAX RS Integration: Information disclosure via XML\nXXE\n\nCVE-2014-3490 RESTEasy: XXE via parameter entities\n\nCVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage\n\nCVE-2014-3574 Apache POI: entity expansion (billion laughs) flaw\n\nCVE-2014-3529 Apache POI: XXE flaw\n\nCVE-2014-3577 Apache HttpComponents incomplete fix for CVE-2012-6153\n\nCVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file\n\nCVE-2014-4172 Cas-client: Bypass of security constraints via URL parameter\ninjection\n\nRed Hat would like to thank James Roper of Typesafe for reporting\nCVE-2014-0193, CA Technologies for reporting CVE-2014-3472, and Alexander\nPapadakis for reporting CVE-2014-3530. The CVE-2013-2133 issue was\ndiscovered by Richard Opalka and Arun Neelicattu of Red Hat, the\nCVE-2014-0005 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team, the CVE-2014-0018 issue was discovered by Stuart\nDouglas of Red Hat, the CVE-2014-3481 issue was discovered by the Red Hat\nJBoss Enterprise Application Platform QE team, the CVE-2014-0075 and\nCVE-2014-3490 issues were discovered by David Jorm of Red Hat Product\nSecurity, and the CVE-2014-0093 issue was discovered by Josef Cacek of the\nRed Hat JBoss EAP Quality Engineering team.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-05-14T15:12:54", "type": "redhat", "title": "(RHSA-2015:1009) Important: Red Hat JBoss Portal 6.2.0 update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2013-1624", "CVE-2013-2133", "CVE-2013-4286", "CVE-2013-5855", "CVE-2013-7285", "CVE-2014-0005", "CVE-2014-0018", "CVE-2014-0034", "CVE-2014-0035", "CVE-2014-0050", "CVE-2014-0058", "CVE-2014-0059", "CVE-2014-0075", "CVE-2014-0086", "CVE-2014-0093", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0107", "CVE-2014-0109", "CVE-2014-0110", "CVE-2014-0119", "CVE-2014-0193", "CVE-2014-0227", "CVE-2014-0245", "CVE-2014-3472", "CVE-2014-3481", "CVE-2014-3490", "CVE-2014-3529", "CVE-2014-3530", "CVE-2014-3574", "CVE-2014-3577", "CVE-2014-3586", "CVE-2014-4172", "CVE-2014-7839", "CVE-2015-0226", "CVE-2015-0227"], "modified": "2019-02-20T12:21:21", "id": "RHSA-2015:1009", "href": "https://access.redhat.com/errata/RHSA-2015:1009", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-06T15:38:48", "description": "Red Hat JBoss SOA Platform is the next-generation ESB and business process\nautomation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage\nexisting (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and\nCEP) integration methodologies to dramatically improve business process\nexecution speed and quality.\n\nIt was found that the code which checked that the server hostname matches\nthe domain name in a subject's Common Name (CN) field in X.509 certificates\nwas flawed. A man-in-the-middle attacker could use this flaw to spoof an\nSSL server using a specially crafted X.509 certificate. (CVE-2012-6153,\nCVE-2014-3577)\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the org.jboss.seam.web.AuthenticationFilter class\nimplementation did not properly use Seam logging. A remote attacker could\nsend specially crafted authentication headers to an application, which\ncould result in arbitrary code execution with the privileges of the user\nrunning that application. (CVE-2014-0248)\n\nIt was found that the implementation of the\norg.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method\nprovided a DocumentBuilderFactory that would expand entity references.\nA remote, unauthenticated attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2014-3530)\n\nIt was discovered that the implementation used by the Not Yet Commons SSL\nproject to check that the server host name matches the domain name in the\nsubject's CN field was flawed. This could be exploited by a\nman-in-the-middle attacker by spoofing a valid certificate using a\nspecially crafted subject. (CVE-2014-3604)\n\nRed Hat would like to thank Alexander Papadakis for reporting\nCVE-2014-3530. The CVE-2012-6153 issue was discovered by Florian Weimer of\nRed Hat Product Security, the CVE-2014-3604 issue was discovered by Arun\nBabu Neelicattu of Red Hat Product Security, and the CVE-2014-0248 issue\nwas discovered by Marek Schmidt of Red Hat.\n\nAll users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat\nCustomer Portal are advised to apply this security update.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-10-12T15:22:52", "type": "redhat", "title": "(RHSA-2015:1888) Important: Red Hat JBoss SOA Platform 5.3.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2013-7285", "CVE-2014-0107", "CVE-2014-0248", "CVE-2014-3530", "CVE-2014-3577", "CVE-2014-3604"], "modified": "2019-02-20T12:25:04", "id": "RHSA-2015:1888", "href": "https://access.redhat.com/errata/RHSA-2015:1888", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-26T10:21:36", "description": "Red Hat Enterprise Virtualization Manager is a visual tool for centrally\nmanaging collections of virtual servers running Red Hat Enterprise Linux\nand Microsoft Windows. This package also includes the Red Hat Enterprise\nVirtualization Manager API, a set of scriptable commands that give\nadministrators the ability to perform queries and operations on Red Hat\nEnterprise Virtualization Manager.\n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a User Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API).\n\nIt was discovered that the HttpClient incorrectly extracted the host name\nfrom an X.509 certificate subject's Common Name (CN) field.\nA man-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nA Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API.\nA remote attacker could provide a specially crafted web page that, when\nvisited by a user with a valid REST API session, would allow the attacker\nto trigger calls to the oVirt REST API. (CVE-2014-0151)\n\nIt was found that the oVirt web admin interface did not include the\nHttpOnly flag when setting session IDs with the Set-Cookie header.\nThis flaw could make it is easier for a remote attacker to hijack an oVirt\nweb admin session by leveraging a cross-site scripting (XSS) vulnerability.\n(CVE-2014-0154)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nThese updated Red Hat Enterprise Virtualization Manager packages also\ninclude numerous bug fixes and various enhancements. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Virtualization 3.5 Manager Release Notes document,\nlinked to in the References, for information on the most significant of\nthese changes.\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade\nto these updated packages, which resolve these issues and add these\nenhancements.\n", "cvss3": {}, "published": "2014-07-13T00:00:00", "type": "redhat", "title": "(RHSA-2015:0158) Important: Red Hat Enterprise Virtualization Manager 3.5.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-0151", "CVE-2014-0154", "CVE-2014-3577"], "modified": "2018-06-07T05:00:43", "id": "RHSA-2015:0158", "href": "https://access.redhat.com/errata/RHSA-2015:0158", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-07T15:24:34", "description": "Updated tomcat6 packages fix security vulnerabilities :\n\nInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119).\n\nIn Apache Tomcat 6.x before 6.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat6", "p-cpe:/a:mandriva:linux:tomcat6-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat6-docs-webapp", "p-cpe:/a:mandriva:linux:tomcat6-el-2.1-api", "p-cpe:/a:mandriva:linux:tomcat6-javadoc", "p-cpe:/a:mandriva:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:mandriva:linux:tomcat6-lib", "p-cpe:/a:mandriva:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:mandriva:linux:tomcat6-systemv", "p-cpe:/a:mandriva:linux:tomcat6-webapps", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-053.NASL", "href": "https://www.tenable.com/plugins/nessus/81936", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:053. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81936);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\", \"CVE-2014-0227\");\n script_bugtraq_id(67667, 67668, 67669, 67671, 72717);\n script_xref(name:\"MDVSA\", value:\"2015:053\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages fix security vulnerabilities :\n\nInteger overflow in the parseChunkHeader function in\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote\nattackers to cause a denial of service (resource consumption) via a\nmalformed chunk size in chunked transfer coding of a request during\nthe streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default\nservlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\nproperly restrict XSLT stylesheets, which allows remote attackers to\nbypass security-manager restrictions and read arbitrary files via a\ncrafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated\nbehind a reverse proxy, allows remote attackers to conduct HTTP\nrequest smuggling attacks via a crafted Content-Length HTTP header\n(CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\nconstrain the class loader that accesses the XML parser used with an\nXSLT stylesheet, which allows remote attackers to read arbitrary files\nvia a crafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue, or read files associated with different\nweb applications on a single Tomcat instance via a crafted web\napplication (CVE-2014-0119).\n\nIn Apache Tomcat 6.x before 6.0.55, it was possible to craft a\nmalformed chunk as part of a chunked request that caused Tomcat to\nread part of the request body as a new request (CVE-2014-0227).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0268.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0081.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-systemv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-admin-webapps-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-docs-webapp-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-el-2.1-api-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-javadoc-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-jsp-2.1-api-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-lib-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-servlet-2.5-api-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-systemv-6.0.43-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat6-webapps-6.0.43-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:20:12", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/ http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. (CVE-2014-0075)\n\n - java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. (CVE-2014-0096)\n\n - Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.\n (CVE-2014-0099)\n\n - Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.\n (CVE-2014-0119)", "cvss3": {}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:tomcat"], "id": "SOLARIS11_TOMCAT_20140715.NASL", "href": "https://www.tenable.com/plugins/nessus/80794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80794);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Integer overflow in the parseChunkHeader function in\n java/org/apache/coyote/\n http11/filters/ChunkedInputFilter.java in Apache Tomcat\n before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4\n allows remote attackers to cause a denial of service\n (resource consumption) via a malformed chunk size in\n chunked transfer coding of a request during the\n streaming of data. (CVE-2014-0075)\n\n - java/org/apache/catalina/servlets/DefaultServlet.java in\n the default servlet in Apache Tomcat before 6.0.40, 7.x\n before 7.0.53, and 8.x before 8.0.4 does not properly\n restrict XSLT stylesheets, which allows remote attackers\n to bypass security-manager restrictions and read\n arbitrary files via a crafted web application that\n provides an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue. (CVE-2014-0096)\n\n - Integer overflow in\n java/org/apache/tomcat/util/buf/Ascii.java in Apache\n Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before\n 8.0.4, when operated behind a reverse proxy, allows\n remote attackers to conduct HTTP request smuggling\n attacks via a crafted Content-Length HTTP header.\n (CVE-2014-0099)\n\n - Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x\n before 8.0.6 does not properly constrain the class\n loader that accesses the XML parser used with an XSLT\n stylesheet, which allows remote attackers to (1) read\n arbitrary files via a crafted web application that\n provides an XML external entity declaration in\n conjunction with an entity reference, related to an XML\n External Entity (XXE) issue, or (2) read files\n associated with different web applications on a single\n Tomcat instance via a crafted web application.\n (CVE-2014-0119)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0075-numeric-errors-vulnerability-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e924831\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0096-permissions,-privileges,-and-access-control-vulnerability-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbae2747\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0099-numeric-errors-vulnerability-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7f016fe\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-0119-permissions,-privileges,-and-access-control-vulnerability-in-apache-tomcat\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a648f940\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.21.4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:tomcat\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^tomcat$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.21.0.4.1\", sru:\"SRU 11.1.21.4.1\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : tomcat\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"tomcat\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:28:12", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked requests that allows denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security managers that allows a security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that allows a security bypass. (CVE-2014-0099)\n\n - An error exists that allows undesired XML parsers to be injected into the application by a malicious web application, allows the bypassing of security controls, and allows the processing of external XML entities.\n (CVE-2014-0119)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-05-30T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_6_0_41.NASL", "href": "https://www.tenable.com/plugins/nessus/74245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74245);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0075\",\n \"CVE-2014-0096\",\n \"CVE-2014-0099\",\n \"CVE-2014-0119\"\n );\n script_bugtraq_id(\n 67667,\n 67668,\n 67669,\n 67671\n );\n\n script_name(english:\"Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 6.0.x listening on the remote host is prior to 6.0.40. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked\n requests that allows denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security\n managers that allows a security bypass related to \n external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header\n handling and using the application behind a reverse\n proxy that allows a security bypass. (CVE-2014-0099)\n\n - An error exists that allows undesired XML parsers to be\n injected into the application by a malicious web\n application, allows the bypassing of security controls,\n and allows the processing of external XML entities.\n (CVE-2014-0119)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 6.0.41 or later.\n\nNote that while version 6.0.40 fixes these issues, that version was\nnot officially released, and the vendor recommends upgrading to 6.0.41\nor later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0119\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 6.0.40 contained the fix,\n# but was never released\ntomcat_check_version(fixed:\"6.0.40\", min:\"6.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^6(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:41", "description": "According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities:\n\n - An error exists related to chunk size and chunked requests that allows denial of service attacks. (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security managers that allows a security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that allows a security bypass. (CVE-2014-0099)\n\n - An error exists that allows undesired XML parsers to be injected into the application by a malicious web application, allows the bypassing of security controls, and allows the processing of external XML entities. (CVE-2014-0119)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2019-05-20T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "8934.PASL", "href": "https://www.tenable.com/plugins/nnm/8934", "sourceData": "Binary data 8934.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:25", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss EAP (RHSA-2014:0843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbossweb", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0843.NASL", "href": "https://www.tenable.com/plugins/nessus/76401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0843. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76401);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\");\n script_bugtraq_id(67667, 67668, 67669, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0843\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EAP (RHSA-2014:0843)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages\nthat fix multiple security issues are now available for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against JBoss Web\nby streaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use\nthis flaw to perform an HTTP request smuggling attack on a JBoss Web\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web\nto process XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected\nXML parser(s) could then bypass the limits imposed on XML external\nentities and/or gain access to the XML files processed for other web\napplications deployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 on\nRed Hat Enterprise Linux 5 and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0119\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jbossweb package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbossweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0843\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"jbossweb-7.3.2-4.Final_redhat_3.1.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbossweb\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:31:21", "description": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.\n(CVE-2014-0075)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nIt was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat8 (ALAS-2015-527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0227"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat8", "p-cpe:/a:amazon:linux:tomcat8-admin-webapps", "p-cpe:/a:amazon:linux:tomcat8-docs-webapp", "p-cpe:/a:amazon:linux:tomcat8-el-3.0-api", "p-cpe:/a:amazon:linux:tomcat8-javadoc", "p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api", "p-cpe:/a:amazon:linux:tomcat8-lib", "p-cpe:/a:amazon:linux:tomcat8-log4j", "p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api", "p-cpe:/a:amazon:linux:tomcat8-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-527.NASL", "href": "https://www.tenable.com/plugins/nessus/83497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-527.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83497);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0227\");\n script_xref(name:\"ALAS\", value:\"2015-527\");\n\n script_name(english:\"Amazon Linux AMI : tomcat8 (ALAS-2015-527)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that JBoss Web / Apache Tomcat did not limit the\nlength of chunk sizes when using chunked transfer encoding. A remote\nattacker could use this flaw to perform a denial of service attack\nagainst JBoss Web / Apache Tomcat by streaming an unlimited quantity\nof data, leading to excessive consumption of server resources.\n(CVE-2014-0075)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web / Apache Tomcat allowed the definition of\nXML External Entities (XXEs) in provided XSLTs. A malicious\napplication could use this to circumvent intended security\nrestrictions to disclose sensitive information. (CVE-2014-0096)\n\nIt was found that JBoss Web / Apache Tomcat did not check for\noverflowing values when parsing request content length headers. A\nremote attacker could use this flaw to perform an HTTP request\nsmuggling attack on a JBoss Web / Apache Tomcat server located behind\na reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was discovered that the ChunkedInputFilter in Tomcat did not fail\nsubsequent attempts to read input after malformed chunked encoding was\ndetected. A remote attacker could possibly use this flaw to make\nTomcat process part of the request body as new request, or cause a\ndenial of service. (CVE-2014-0227)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-527.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-servlet-3.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat8-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-admin-webapps-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-docs-webapp-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-el-3.0-api-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-javadoc-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-jsp-2.3-api-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-lib-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-log4j-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-servlet-3.1-api-8.0.20-1.53.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat8-webapps-8.0.20-1.53.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat8 / tomcat8-admin-webapps / tomcat8-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:31:21", "description": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.\n(CVE-2014-0075)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nIt was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2015-526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0227"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-526.NASL", "href": "https://www.tenable.com/plugins/nessus/83496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-526.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83496);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0227\");\n script_xref(name:\"ALAS\", value:\"2015-526\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2015-526)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that JBoss Web / Apache Tomcat did not limit the\nlength of chunk sizes when using chunked transfer encoding. A remote\nattacker could use this flaw to perform a denial of service attack\nagainst JBoss Web / Apache Tomcat by streaming an unlimited quantity\nof data, leading to excessive consumption of server resources.\n(CVE-2014-0075)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web / Apache Tomcat allowed the definition of\nXML External Entities (XXEs) in provided XSLTs. A malicious\napplication could use this to circumvent intended security\nrestrictions to disclose sensitive information. (CVE-2014-0096)\n\nIt was found that JBoss Web / Apache Tomcat did not check for\noverflowing values when parsing request content length headers. A\nremote attacker could use this flaw to perform an HTTP request\nsmuggling attack on a JBoss Web / Apache Tomcat server located behind\na reverse proxy that processed the content length header correctly.\n(CVE-2014-0099)\n\nIt was discovered that the ChunkedInputFilter in Tomcat did not fail\nsubsequent attempts to read input after malformed chunked encoding was\ndetected. A remote attacker could possibly use this flaw to make\nTomcat process part of the request body as new request, or cause a\ndenial of service. (CVE-2014-0227)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-526.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.59-1.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.59-1.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:22:54", "description": "Updated to 7.0.59\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-02-24T00:00:00", "type": "nessus", "title": "Fedora 21 : tomcat-7.0.59-1.fc21 (2015-2109)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0227"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-2109.NASL", "href": "https://www.tenable.com/plugins/nessus/81457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2109.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81457);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0227\");\n script_xref(name:\"FEDORA\", value:\"2015-2109\");\n\n script_name(english:\"Fedora 21 : tomcat-7.0.59-1.fc21 (2015-2109)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated to 7.0.59\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1072776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1088342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1102030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1109196\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2f9095c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"tomcat-7.0.59-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:16:01", "description": "Security fix for CVE-2014-3577, CVE-2012-6153\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-08-27T00:00:00", "type": "nessus", "title": "Fedora 19 : jakarta-commons-httpclient-3.1-15.fc19 (2014-9539)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9539.NASL", "href": "https://www.tenable.com/plugins/nessus/77396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9539.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77396);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5783\", \"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(58073, 69257, 69258);\n script_xref(name:\"FEDORA\", value:\"2014-9539\");\n\n script_name(english:\"Fedora 19 : jakarta-commons-httpclient-3.1-15.fc19 (2014-9539)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-3577, CVE-2012-6153\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129916\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6746a847\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-httpclient package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"jakarta-commons-httpclient-3.1-15.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:18:10", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nFor additional information on these flaws, refer to the Knowledgebase article in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.0 on Red Hat Enterprise Linux 5, 6, and 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-09-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1162)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpclient-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-client-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-core-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcomponents-project-eap6", "p-cpe:/a:redhat:enterprise_linux:httpcore-eap6", "p-cpe:/a:redhat:enterprise_linux:httpmime-eap6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2014-1162.NASL", "href": "https://www.tenable.com/plugins/nessus/77561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1162. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77561);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(69257, 69258);\n script_xref(name:\"RHSA\", value:\"2014:1162\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1162)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages\nthat fix two security issues are now available for Red Hat Enterprise\nLinux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code\nadded to check that the server host name matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name\nfrom an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.0 on\nRed Hat Enterprise Linux 5, 6, and 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpclient-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-client-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-core-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcomponents-project-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpcore-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpmime-eap6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1162\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"httpclient-eap6-4.2.1-12.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpcomponents-client-eap6-4.2.1-12.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpcomponents-core-eap6-4.2.1-12.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpcomponents-project-eap6-6-12.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpcore-eap6-4.2.1-12.redhat_2.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpmime-eap6-4.2.1-12.redhat_2.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpclient-eap6-4.2.1-12.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-client-eap6-4.2.1-12.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-core-eap6-4.2.1-12.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcomponents-project-eap6-6-12.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpcore-eap6-4.2.1-12.redhat_2.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpmime-eap6-4.2.1-12.redhat_2.1.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpclient-eap6-4.2.1-12.redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"httpcomponents-client-eap6-4.2.1-12.redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"httpcomponents-core-eap6-4.2.1-12.redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"httpcomponents-project-eap6-6-12.redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"httpcore-eap6-4.2.1-12.redhat_2.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"httpmime-eap6-4.2.1-12.redhat_2.1.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpclient-eap6 / httpcomponents-client-eap6 / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:18:10", "description": "Updated packages for Red Hat JBoss Enterprise Application Platform 5.2.0 that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nFor additional information on these flaws, refer to the Knowledgebase article in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : JBoss EAP (RHSA-2014:1321)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jakarta-commons-httpclient", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1321.NASL", "href": "https://www.tenable.com/plugins/nessus/78008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1321. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78008);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_xref(name:\"RHSA\", value:\"2014:1321\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : JBoss EAP (RHSA-2014:1321)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages for Red Hat JBoss Enterprise Application Platform\n5.2.0 that fix two security issues are now available for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications, which integrates the JBoss Application Server with JBoss\nHibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code\nadded to check that the server host name matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name\nfrom an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on\nRed Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/1165533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1321\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL4\") && rpm_check(release:\"RHEL4\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL5\") && rpm_check(release:\"RHEL5\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient / jboss-seam2 / jboss-seam2-docs / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:31:21", "description": "CVE-2012-5783 and CVE-2012-6153 Apache Commons HttpClient 3.1 did not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Thanks to Alberto Fernandez Martinez for the patch.\n\nCVE-2014-3577 It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The fix for CVE-2012-6153 was intended to address the incomplete patch for CVE-2012-5783. The issue is now completely resolved by applying this patch and the one for the previous CVEs\n\nThis upload was prepared by Markus Koschany.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "Debian DLA-222-1 : commons-httpclient security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcommons-httpclient-java", "p-cpe:/a:debian:debian_linux:libcommons-httpclient-java-doc", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-222.NASL", "href": "https://www.tenable.com/plugins/nessus/83545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-222-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83545);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5783\", \"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(58073, 69257, 69258);\n\n script_name(english:\"Debian DLA-222-1 : commons-httpclient security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2012-5783 and CVE-2012-6153 Apache Commons HttpClient 3.1 did not\nverify that the server hostname matches a domain name in the subject's\nCommon Name (CN) or subjectAltName field of the X.509 certificate,\nwhich allows man-in-the-middle attackers to spoof SSL servers via an\narbitrary valid certificate. Thanks to Alberto Fernandez Martinez for\nthe patch.\n\nCVE-2014-3577 It was found that the fix for CVE-2012-6153 was\nincomplete: the code added to check that the server hostname matches\nthe domain name in a subject's Common Name (CN) field in X.509\ncertificates was flawed. A man-in-the-middle attacker could use this\nflaw to spoof an SSL server using a specially crafted X.509\ncertificate. The fix for CVE-2012-6153 was intended to address the\nincomplete patch for CVE-2012-5783. The issue is now completely\nresolved by applying this patch and the one for the previous CVEs\n\nThis upload was prepared by Markus Koschany.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/05/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/commons-httpclient\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-httpclient-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcommons-httpclient-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libcommons-httpclient-java\", reference:\"3.1-9+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libcommons-httpclient-java-doc\", reference:\"3.1-9+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:27", "description": "From Red Hat Security Advisory 2014:0827 :\n\nUpdated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : tomcat (ELSA-2014-0827)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-lib", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-webapps", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-0827.NASL", "href": "https://www.tenable.com/plugins/nessus/76739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0827 and \n# Oracle Linux Security Advisory ELSA-2014-0827 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76739);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0827\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2014-0827)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0827 :\n\nUpdated tomcat packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004284.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.42-6.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.42-6.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:16:00", "description": "Security fix for CVE-2014-3577, CVE-2012-6153\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-08-27T00:00:00", "type": "nessus", "title": "Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9581.NASL", "href": "https://www.tenable.com/plugins/nessus/77399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9581.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77399);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5783\", \"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(58073, 69257, 69258);\n script_xref(name:\"FEDORA\", value:\"2014-9581\");\n\n script_name(english:\"Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-3577, CVE-2012-6153\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129916\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137032.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b64edb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jakarta-commons-httpclient package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"jakarta-commons-httpclient-3.1-15.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:26", "description": "Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nFor additional information on these flaws, refer to the Knowledgebase article in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : JBoss EWP (RHSA-2014:1320)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jakarta-commons-httpclient", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples", "p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1320.NASL", "href": "https://www.tenable.com/plugins/nessus/78007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1320. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78007);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_xref(name:\"RHSA\", value:\"2014:1320\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : JBoss EWP (RHSA-2014:1320)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that\nfix two security issues are now available for Red Hat Enterprise Linux\n4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Web Platform is a platform for Java\napplications, which integrates the JBoss Web Server with JBoss\nHibernate and JBoss Seam.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code\nadded to check that the server host name matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153)\n\nIt was discovered that the HttpClient incorrectly extracted host name\nfrom an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/1165533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jboss-seam2-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1320\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL4\", rpm:\"jbossas-seam2-\") || rpm_exists(release:\"RHEL5\", rpm:\"jbossas-seam2-\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL4\") && rpm_check(release:\"RHEL4\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.ep5.el4\")) flag++;\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL5\") && rpm_check(release:\"RHEL5\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.ep5.el5\")) flag++;\n\n if (rpm_exists(rpm:\"jakarta-commons-httpclient-3.1-4\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"jakarta-commons-httpclient-3.1-4_patch_02.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-docs-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-examples-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jboss-seam2-runtime-2.2.6.EAP5-22_patch_01.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient / jboss-seam2 / jboss-seam2-docs / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:42:27", "description": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\nIt was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2014-410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:jakarta-commons-httpclient", "p-cpe:/a:amazon:linux:jakarta-commons-httpclient-demo", "p-cpe:/a:amazon:linux:jakarta-commons-httpclient-javadoc", "p-cpe:/a:amazon:linux:jakarta-commons-httpclient-manual", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-410.NASL", "href": "https://www.tenable.com/plugins/nessus/78353", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-410.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78353);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2012-5783\", \"CVE-2012-6153\", \"CVE-2014-3577\");\n script_xref(name:\"ALAS\", value:\"2014-410\");\n\n script_name(english:\"Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2014-410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments\nService (FPS) merchant Java SDK and other products, does not verify\nthat the server hostname matches a domain name in the subject's Common\nName (CN) or subjectAltName field of the X.509 certificate, which\nallows man-in-the-middle attackers to spoof SSL servers via an\narbitrary valid certificate.\n\nIt was found that the fix for CVE-2012-6153 was incomplete: the code\nadded to check that the server hostname matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate.\n\nIt was found that the fix for CVE-2012-5783 was incomplete: the code\nadded to check that the server host name matches the domain name in a\nsubject's Common Name (CN) field in X.509 certificates was flawed. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-410.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update jakarta-commons-httpclient' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:jakarta-commons-httpclient-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"jakarta-commons-httpclient-3.1-15.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"jakarta-commons-httpclient-demo-3.1-15.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"jakarta-commons-httpclient-javadoc-3.1-15.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"jakarta-commons-httpclient-manual-3.1-15.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient / jakarta-commons-httpclient-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:39", "description": "The version of Apache Tomcat installed on the remote host is version 7.x prior to 7.0.53. It is, therefore, affected by the following vulnerabilities:\n\n - An error exists related to chunk size and chunked requests that could allow denial of service attacks. (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security managers that could allow security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that could allow security bypass. (CVE-2014-0099)", "cvss3": {}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2019-05-20T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "8935.PASL", "href": "https://www.tenable.com/plugins/nnm/8935", "sourceData": "Binary data 8935.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:14", "description": "Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2014:0827)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2014-0827.NASL", "href": "https://www.tenable.com/plugins/nessus/76902", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0827. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76902);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0827\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2014:0827)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nAll Tomcat 7 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/security-7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0827\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.42-6.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.42-6.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:26", "description": "Tomcat Security Team reports :\n\nTomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\n\nAn integer overflow, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.\n\nAn integer overflow in parseChunkHeader allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.", "cvss3": {}, "published": "2014-07-24T00:00:00", "type": "nessus", "title": "FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tomcat", "p-cpe:/a:freebsd:freebsd:tomcat7", "p-cpe:/a:freebsd:freebsd:tomcat8", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_81FC1076128611E4BEBD000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/76719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76719);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n\n script_name(english:\"FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat Security Team reports :\n\nTomcat does not properly restrict XSLT stylesheets, which allows\nremote attackers to bypass security-manager restrictions and read\narbitrary files via a crafted web application that provides an XML\nexternal entity declaration in conjunction with an entity reference,\nrelated to an XML External Entity (XXE) issue.\n\nAn integer overflow, when operated behind a reverse proxy, allows\nremote attackers to conduct HTTP request smuggling attacks via a\ncrafted Content-Length HTTP header.\n\nAn integer overflow in parseChunkHeader allows remote attackers to\ncause a denial of service (resource consumption) via a malformed chunk\nsize in chunked transfer coding of a request during the streaming of\ndata.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tomcat.apache.org/security-7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tomcat.apache.org/security-8.html\"\n );\n # https://vuxml.freebsd.org/freebsd/81fc1076-1286-11e4-bebd-000c2980a9f3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37c945e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tomcat8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tomcat<6.0.40\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat7<7.0.53\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tomcat8<8.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:28", "description": "David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. (CVE-2014-0075)\n\nIt was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. (CVE-2014-0096)\n\nIt was discovered that Tomcat incorrectly handled certain Content-Length headers. A remote attacker could use this flaw in configurations where Tomcat is behind a reverse proxy to perform HTTP request smuggling attacks. (CVE-2014-0099).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat7", "p-cpe:/a:canonical:ubuntu_linux:libservlet3.0-java", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-admin", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-common", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-examples", "p-cpe:/a:canonical:ubuntu_linux:tomcat7-user", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-2302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/76935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2302-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76935);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"USN\", value:\"2302-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"David Jorm discovered that Tomcat incorrectly handled certain requests\nsubmitted using chunked transfer encoding. A remote attacker could use\nthis flaw to cause the Tomcat server to consume resources, resulting\nin a denial of service. (CVE-2014-0075)\n\nIt was discovered that Tomcat did not properly restrict XSLT\nstylesheets. An attacker could use this issue with a crafted web\napplication to bypass security-manager restrictions and read arbitrary\nfiles. (CVE-2014-0096)\n\nIt was discovered that Tomcat incorrectly handled certain\nContent-Length headers. A remote attacker could use this flaw in\nconfigurations where Tomcat is behind a reverse proxy to perform HTTP\nrequest smuggling attacks. (CVE-2014-0099).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2302-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0099\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'libservlet3.0-java', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'libtomcat7-java', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'tomcat7', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'tomcat7-admin', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'tomcat7-common', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'tomcat7-examples', 'pkgver': '7.0.52-1ubuntu0.1'},\n {'osver': '14.04', 'pkgname': 'tomcat7-user', 'pkgver': '7.0.52-1ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libservlet3.0-java / libtomcat7-java / tomcat7 / tomcat7-admin / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:28", "description": "Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat7 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0835)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0835.NASL", "href": "https://www.tenable.com/plugins/nessus/76400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0835. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76400);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0835\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0835)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat7 packages that fix three security issues are now\navailable for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise\nLinux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to\nthese updated tomcat7 packages, which contain backported patches to\ncorrect these issues. The Red Hat JBoss Web Server process must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0835\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL6\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-admin-webapps-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-docs-webapp-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-el-2.2-api-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-javadoc-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-jsp-2.2-api-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-lib-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-log4j-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-servlet-3.0-api-7.0.40-14_patch_03.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat7-webapps-7.0.40-14_patch_03.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.40-11_patch_03.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.40-11_patch_03.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:28:34", "description": "According to its self-reported version number, the instance of Apache Tomcat 7.0.x listening on the remote host is prior to 7.0.53. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked requests that allow denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security managers that allows security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that allows a security bypass. (CVE-2014-0099)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-05-30T00:00:00", "type": "nessus", "title": "Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_53.NASL", "href": "https://www.tenable.com/plugins/nessus/74246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74246);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.53. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked\n requests that allow denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to XSLT handling and security\n managers that allows security bypass related to external\n XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header\n handling and using the application behind a reverse\n proxy that allows a security bypass. (CVE-2014-0099)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.53 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0099\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\ntomcat_check_version(fixed:\"7.0.53\", min:\"7.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:14", "description": "Updated tomcat6 packages that fix three security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nThis update also fixes the following bug :\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a dependency of Red Hat JBoss Web Server 2.0.1, included a build of commons-dbcp.jar that used an incorrect java package name, causing applications using this dependency to not function properly. With this update, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to these updated tomcat6 packages, which contain backported patches to correct these issues. The Red Hat JBoss Web Server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-07-08T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0834)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0834.NASL", "href": "https://www.tenable.com/plugins/nessus/76399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0834. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76399);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0834\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0834)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix three security issues and one bug\nare now available for Red Hat JBoss Web Server 2.0.1 on Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nThis update also fixes the following bug :\n\nThe tomcat6-lib-6.0.37-19_patch_04.ep6.el5 package, provided as a\ndependency of Red Hat JBoss Web Server 2.0.1, included a build of\ncommons-dbcp.jar that used an incorrect java package name, causing\napplications using this dependency to not function properly. With this\nupdate, the java package name has been corrected. (BZ#1101287)\n\nAll users of Red Hat JBoss Web Server 2.0.1 are advised to upgrade to\nthese updated tomcat6 packages, which contain backported patches to\ncorrect these issues. The Red Hat JBoss Web Server process must be\nrestarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0834\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL6\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-admin-webapps-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-docs-webapp-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-el-2.1-api-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-javadoc-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-jsp-2.1-api-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-lib-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-log4j-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-servlet-2.5-api-6.0.37-20_patch_04.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"tomcat6-webapps-6.0.37-20_patch_04.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.37-29_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.37-29_patch_05.ep6.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:21:42", "description": "Updated tomcat package fixes security vulnerabilities :\n\nIt was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).\n\nApache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).\n\nApache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).\n\nInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119).\n\nIn Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).", "cvss3": {}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat", "p-cpe:/a:mandriva:linux:tomcat-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat-docs-webapp", "p-cpe:/a:mandriva:linux:tomcat-el-2.2-api", "p-cpe:/a:mandriva:linux:tomcat-javadoc", "p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api", "p-cpe:/a:mandriva:linux:tomcat-jsvc", "p-cpe:/a:mandriva:linux:tomcat-lib", "p-cpe:/a:mandriva:linux:tomcat-log4j", "p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api", "p-cpe:/a:mandriva:linux:tomcat-webapps", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-084.NASL", "href": "https://www.tenable.com/plugins/nessus/82337", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:084. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82337);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0050\", \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\", \"CVE-2014-0227\");\n script_xref(name:\"MDVSA\", value:\"2015:084\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat package fixes security vulnerabilities :\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition\n(CVE-2014-0050).\n\nApache Tomcat 7.x before 7.0.50 processes chunked transfer coding\nwithout properly handling (1) a large total amount of chunked data or\n(2) whitespace characters in an HTTP header value within a trailer\nfield, which allows remote attackers to cause a denial of service by\nstreaming data (CVE-2013-4322).\n\nApache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\ninternals information by leveraging the presence of an untrusted web\napplication with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\ndocument containing an external entity declaration in conjunction with\nan entity reference, related to an XML External Entity (XXE) issue\n(CVE-2013-4590).\n\nInteger overflow in the parseChunkHeader function in\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote\nattackers to cause a denial of service (resource consumption) via a\nmalformed chunk size in chunked transfer coding of a request during\nthe streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default\nservlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\nproperly restrict XSLT stylesheets, which allows remote attackers to\nbypass security-manager restrictions and read arbitrary files via a\ncrafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated\nbehind a reverse proxy, allows remote attackers to conduct HTTP\nrequest smuggling attacks via a crafted Content-Length HTTP header\n(CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\nconstrain the class loader that accesses the XML parser used with an\nXSLT stylesheet, which allows remote attackers to read arbitrary files\nvia a crafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue, or read files associated with different\nweb applications on a single Tomcat instance via a crafted web\napplication (CVE-2014-0119).\n\nIn Apache Tomcat 7.x before 7.0.55, it was possible to craft a\nmalformed chunk as part of a chunked request that caused Tomcat to\nread part of the request body as a new request (CVE-2014-0227).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0110.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0149.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0268.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-admin-webapps-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-docs-webapp-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-el-2.2-api-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-javadoc-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-jsp-2.2-api-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-jsvc-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-lib-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-log4j-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-servlet-3.0-api-7.0.59-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"tomcat-webapps-7.0.59-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:21:41", "description": "Updated tomcat packages fix security vulnerabilities :\n\nApache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a Transfer-Encoding: chunked header (CVE-2013-4286).\n\nApache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).\n\nApache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).\n\nInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119).\n\nIn Apache Tomcat 7.x before 7.0.55, it was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request (CVE-2014-0227).", "cvss3": {}, "published": "2015-03-19T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat (MDVSA-2015:052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat", "p-cpe:/a:mandriva:linux:tomcat-admin-webapps", "p-cpe:/a:mandriva:linux:tomcat-docs-webapp", "p-cpe:/a:mandriva:linux:tomcat-el-2.2-api", "p-cpe:/a:mandriva:linux:tomcat-javadoc", "p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api", "p-cpe:/a:mandriva:linux:tomcat-jsvc", "p-cpe:/a:mandriva:linux:tomcat-lib", "p-cpe:/a:mandriva:linux:tomcat-log4j", "p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api", "p-cpe:/a:mandriva:linux:tomcat-webapps", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-052.NASL", "href": "https://www.tenable.com/plugins/nessus/81935", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:052. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81935);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4286\", \"CVE-2013-4322\", \"CVE-2013-4590\", \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\", \"CVE-2014-0227\");\n script_bugtraq_id(65767, 65768, 65773, 67667, 67668, 67669, 67671, 72717);\n script_xref(name:\"MDVSA\", value:\"2015:052\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tomcat (MDVSA-2015:052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat packages fix security vulnerabilities :\n\nApache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP\nconnector is used, does not properly handle certain inconsistent HTTP\nrequest headers, which allows remote attackers to trigger incorrect\nidentification of a request's length and conduct request-smuggling\nattacks via (1) multiple Content-Length headers or (2) a\nContent-Length header and a Transfer-Encoding: chunked header\n(CVE-2013-4286).\n\nApache Tomcat 7.x before 7.0.50 processes chunked transfer coding\nwithout properly handling (1) a large total amount of chunked data or\n(2) whitespace characters in an HTTP header value within a trailer\nfield, which allows remote attackers to cause a denial of service by\nstreaming data (CVE-2013-4322).\n\nApache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\ninternals information by leveraging the presence of an untrusted web\napplication with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\ndocument containing an external entity declaration in conjunction with\nan entity reference, related to an XML External Entity (XXE) issue\n(CVE-2013-4590).\n\nInteger overflow in the parseChunkHeader function in\njava/org/apache/coyote/http11/filters/ChunkedInputFilter.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote\nattackers to cause a denial of service (resource consumption) via a\nmalformed chunk size in chunked transfer coding of a request during\nthe streaming of data (CVE-2014-0075).\n\njava/org/apache/catalina/servlets/DefaultServlet.java in the default\nservlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not\nproperly restrict XSLT stylesheets, which allows remote attackers to\nbypass security-manager restrictions and read arbitrary files via a\ncrafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue (CVE-2014-0096).\n\nInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in\nApache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated\nbehind a reverse proxy, allows remote attackers to conduct HTTP\nrequest smuggling attacks via a crafted Content-Length HTTP header\n(CVE-2014-0099).\n\nApache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly\nconstrain the class loader that accesses the XML parser used with an\nXSLT stylesheet, which allows remote attackers to read arbitrary files\nvia a crafted web application that provides an XML external entity\ndeclaration in conjunction with an entity reference, related to an XML\nExternal Entity (XXE) issue, or read files associated with different\nweb applications on a single Tomcat instance via a crafted web\napplication (CVE-2014-0119).\n\nIn Apache Tomcat 7.x before 7.0.55, it was possible to craft a\nmalformed chunk as part of a chunked request that caused Tomcat to\nread part of the request body as a new request (CVE-2014-0227).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0148.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0268.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0081.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-admin-webapps-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-docs-webapp-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-el-2.2-api-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-javadoc-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsp-2.2-api-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsvc-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-lib-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-log4j-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-servlet-3.0-api-7.0.59-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-webapps-7.0.59-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:41:23", "description": "It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates.\nAn attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783)\n\nFlorian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2012-6153)\n\nSubodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n(CVE-2014-3577)\n\nIt was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Apache Commons HttpClient vulnerabilities (USN-2769-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libcommons-httpclient-java", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-2769-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2769-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86401);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2012-5783\",\n \"CVE-2012-6153\",\n \"CVE-2014-3577\",\n \"CVE-2015-5262\"\n );\n script_xref(name:\"USN\", value:\"2769-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Apache Commons HttpClient vulnerabilities (USN-2769-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that Apache Commons HttpClient did not properly\nverify the Common Name or subjectAltName fields of X.509 certificates.\nAn attacker could exploit this to perform a man in the middle attack\nto view sensitive information or alter encrypted communications. This\nissue only affected Ubuntu 12.04 LTS. (CVE-2012-5783)\n\nFlorian Weimer discovered the fix for CVE-2012-5783 was incomplete for\nApache Commons HttpClient. An attacker could exploit this to perform a\nman in the middle attack to view sensitive information or alter\nencrypted communications. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2012-6153)\n\nSubodh Iyengar and Will Shackleton discovered the fix for\nCVE-2012-5783 was incomplete for Apache Commons HttpClient. An\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\n(CVE-2014-3577)\n\nIt was discovered that Apache Commons HttpClient did not properly\nhandle read timeouts during HTTPS handshakes. A remote attacker could\ntrigger this flaw to cause a denial of service. (CVE-2015-5262).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2769-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libcommons-httpclient-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3577\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcommons-httpclient-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'libcommons-httpclient-java', 'pkgver': '3.1-10.2ubuntu0.14.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcommons-httpclient-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:41", "description": "According to its self-reported version number, the instance of Apache Tomcat 8.0.x listening on the remote host is prior to 8.0.4. It is, therefore, affected by the following vulnerabilities:\n\n - An error exists related to chunk size and chunked requests that allow denial of service attacks. (CVE-2014-0075)\n\n - An error exists related to content length header handling and Apache JServ Protocol (AJP) requests that allow denial of service attacks. (CVE-2014-0095)\n\n - An error exists related to XSLT handling and security managers that allow a security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that could allow security bypass. (CVE-2014-0099)\n\nNote that Nessus Network Monitor has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-03-02T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2019-05-20T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "8936.PASL", "href": "https://www.tenable.com/plugins/nnm/8936", "sourceData": "Binary data 8936.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:28:34", "description": "According to its self-reported version number, the instance of Apache Tomcat 8.0.x listening on the remote host is prior to 8.0.4. It is, therefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked requests that allow denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to content length header handling and Apache JServ Protocol (AJP) requests that allow denial of service attacks. (CVE-2014-0095)\n\n - An error exists related to XSLT handling and security managers that allow a security bypass related to external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header handling and using the application behind a reverse proxy that could allow security bypass. (CVE-2014-0099)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-05-30T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/74248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74248);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0075\",\n \"CVE-2014-0095\",\n \"CVE-2014-0096\",\n \"CVE-2014-0099\"\n );\n script_bugtraq_id(\n 67667,\n 67668,\n 67671,\n 67673\n );\n\n script_name(english:\"Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 8.0.x listening on the remote host is prior to 8.0.4. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An error exists related to chunk size and chunked\n requests that allow denial of service attacks.\n (CVE-2014-0075)\n\n - An error exists related to content length header\n handling and Apache JServ Protocol (AJP) requests that\n allow denial of service attacks. (CVE-2014-0095)\n\n - An error exists related to XSLT handling and security\n managers that allow a security bypass related to\n external XML entities. (CVE-2014-0096)\n\n - An error exists related to content length header\n handling and using the application behind a reverse\n proxy that could allow security bypass. (CVE-2014-0099)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.0.5 or later.\n\nNote that while version 8.0.4 fixes these issues, that version was not\nofficially released, and the vendor recommends upgrading to 8.0.5 or\nlater.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0099\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 8.0.4 contained the fix,\n# but was never released\ntomcat_check_version(fixed:\"8.0.4\", min:\"8.0.0\", severity:SECURITY_WARNING, granularity_regex:\"^8(\\.0)?$\");\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:39:51", "description": "Apache Axis2 reports :\n\nApache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues : Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by known security vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.", "cvss3": {}, "published": "2016-10-31T00:00:00", "type": "nessus", "title": "FreeBSD : Axis2 -- Security vulnerabilities on dependency Apache HttpClient (ac18046c-9b08-11e6-8011-005056925db4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:axis2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AC18046C9B0811E68011005056925DB4.NASL", "href": "https://www.tenable.com/plugins/nessus/94419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94419);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n\n script_name(english:\"FreeBSD : Axis2 -- Security vulnerabilities on dependency Apache HttpClient (ac18046c-9b08-11e6-8011-005056925db4)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Axis2 reports :\n\nApache Axis2 1.7.4 is a maintenance release that includes fixes for\nseveral issues, including the following security issues : Session\nfixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting\nthe admin console. A dependency on an Apache HttpClient version\naffected by known security vulnerabilities (CVE-2012-6153 and\nCVE-2014-3577); see AXIS2-5757.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.apache.org/jira/browse/AXIS2-4739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.apache.org/jira/browse/AXIS2-5683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.apache.org/jira/browse/AXIS2-5757\"\n );\n # https://vuxml.freebsd.org/freebsd/ac18046c-9b08-11e6-8011-005056925db4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c426e985\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:axis2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"axis2<1.7.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:37:46", "description": "Security fix for CVE-2014-3577\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-08-30T00:00:00", "type": "nessus", "title": "Fedora 20 : httpcomponents-client-4.2.5-4.fc20 (2014-9617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpcomponents-client", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9617.NASL", "href": "https://www.tenable.com/plugins/nessus/77444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9617.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77444);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(69257, 69258);\n script_xref(name:\"FEDORA\", value:\"2014-9617\");\n\n script_name(english:\"Fedora 20 : httpcomponents-client-4.2.5-4.fc20 (2014-9617)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-3577\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129074\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137180.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a00de90f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpcomponents-client package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpcomponents-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"httpcomponents-client-4.2.5-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpcomponents-client\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:38:10", "description": "Security fix for CVE-2014-3577\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-08-30T00:00:00", "type": "nessus", "title": "Fedora 19 : httpcomponents-client-4.2.5-4.fc19 (2014-9629)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpcomponents-client", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9629.NASL", "href": "https://www.tenable.com/plugins/nessus/77445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9629.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77445);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_bugtraq_id(69257, 69258);\n script_xref(name:\"FEDORA\", value:\"2014-9629\");\n\n script_name(english:\"Fedora 19 : httpcomponents-client-4.2.5-4.fc19 (2014-9629)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-3577\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1129074\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c63b231\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpcomponents-client package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpcomponents-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"httpcomponents-client-4.2.5-4.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpcomponents-client\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-04T14:27:37", "description": "Updated packages for Red Hat JBoss Enterprise Application Platform 5.2.0 that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nFor additional information on these flaws, refer to the Knowledgebase article in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss EAP (RHSA-2014:1834)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1834.NASL", "href": "https://www.tenable.com/plugins/nessus/79205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1834. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79205);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_xref(name:\"RHSA\", value:\"2014:1834\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EAP (RHSA-2014:1834)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages for Red Hat JBoss Enterprise Application Platform\n5.2.0 that fix two security issues are now available for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications, which integrates the JBoss Application Server with JBoss\nHibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name\nfrom an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153,\nCVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Application Platform 5.2.0 on\nRed Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/1165533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-cxf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1834\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-14.patch_09.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-14.patch_09.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:43:45", "description": "Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nFor additional information on these flaws, refer to the Knowledgebase article in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-11-12T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : JBoss EWP (RHSA-2014:1833)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1833.NASL", "href": "https://www.tenable.com/plugins/nessus/79204", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1833. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79204);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\");\n script_xref(name:\"RHSA\", value:\"2014:1833\");\n\n script_name(english:\"RHEL 5 / 6 : JBoss EWP (RHSA-2014:1833)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that\nfix two security issues are now available for Red Hat Enterprise Linux\n4, 5, and 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Web Platform is a platform for Java\napplications, which integrates the JBoss Web Server with JBoss\nHibernate and JBoss Seam.\n\nIt was discovered that the HttpClient incorrectly extracted host name\nfrom an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153,\nCVE-2014-3577)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nFor additional information on these flaws, refer to the Knowledgebase\narticle in the References section.\n\nAll users of Red Hat JBoss Enterprise Web Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to these updated\npackages. The JBoss server process must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/1165533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-cxf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1833\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-seam2-\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-seam2-\")) || rpm_exists(rpm:\"jbossas-welcome-content-eap\")) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EWP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.2.12-14.patch_09.ep5.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.2.12-14.patch_09.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:28:20", "description": "The version of WebSphere Application Server installed on the remote host is 8.0.x through 8.0.0.15, 8.5.x prior to 8.5.5.20, or 9.0.x prior to 9.0.5.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 6453091 advisory, including the following:\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. (CVE-2015-5262)\n\n - org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the- middle attackers to spoof SSL servers via a CN= string in a field in the distinguished name (DN) of a certificate, as demonstrated by the foo,CN=www.apache.org string in the O field. (CVE-2014-3577)\n\n - http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. (CVE-2012-6153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-20T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2022-02-04T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6453091.NASL", "href": "https://www.tenable.com/plugins/nessus/149787", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149787);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\n \"CVE-2011-1498\",\n \"CVE-2012-6153\",\n \"CVE-2014-3577\",\n \"CVE-2015-5262\"\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of WebSphere Application Server installed on the remote host is 8.0.x through 8.0.0.15, 8.5.x prior to\n8.5.5.20, or 9.0.x prior to 9.0.5.8. It is, therefore, affected by multiple vulnerabilities as referenced in the\n6453091 advisory, including the following:\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause\n a denial of service (HTTPS call hang) via unspecified vectors. (CVE-2015-5262)\n\n - org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and\n HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in\n the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-\n middle attackers to spoof SSL servers via a CN= string in a field in the distinguished name (DN) of a\n certificate, as demonstrated by the foo,CN=www.apache.org string in the O field. (CVE-2014-3577)\n\n - http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify\n that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field\n of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate\n with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists\n because of an incomplete fix for CVE-2012-5783. (CVE-2012-6153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/6453091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM WebSphere Application Server 8.5.5.20, 9.0.5.8, or later. Alternatively, upgrade to the minimal fix pack\nlevels required by the interim fix and then apply Interim Fixes PH34501 and PH94944.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3577\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\", \"ibm_enum_products.nbin\", \"ibm_websphere_application_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM WebSphere Application Server\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = 'IBM WebSphere Application Server';\nvar app_info = vcf::combined_get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\n# If the detection is only remote, Source will be set, and we should require paranoia\nif (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)\n audit(AUDIT_POTENTIAL_VULN, app_info['version'], app);\n\nif ('PH34501' >< app_info['Fixes'] && 'PH34944' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nvar fix = 'Interim Fixes PH34501 and PH34944';\nvar constraints = [\n {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_display':fix},\n {'min_version':'8.5.0.0', 'max_version':'8.5.5.19', 'fixed_display':'8.5.5.20 or ' + fix},\n {'min_version':'9.0.0.0', 'max_version':'9.0.5.7', 'fixed_display':'9.0.5.8 or ' + fix}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:37:57", "description": "Tomcat has been updated to version 6.0.41, which brings security and bug fixes.\n\nThe following security fixes have been fixed :\n\n - A XXE vulnerability via user-supplied XSLTs.\n (CVE-2014-0096)\n\n - Request smuggling via malicious content length header.\n (CVE-2014-0099)\n\n - A XML parser hijack by malicious web application. Bugs fixed:. (CVE-2014-0119)\n\n - Socket bind fails on tomcat startup when using apr (IPV6). (bnc#881700)\n\n - classpath for org/apache/juli/logging/LogFactory (bnc#844689)", "cvss3": {}, "published": "2014-08-14T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : tomcat6 (SAT Patch Number 9487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3544", "CVE-2013-4322", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libtcnative-1-0", "p-cpe:/a:novell:suse_linux:11:tomcat6", "p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps", "p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp", "p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc", "p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-lib", "p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api", "p-cpe:/a:novell:suse_linux:11:tomcat6-webapps", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_TOMCAT6-201407-140706.NASL", "href": "https://www.tenable.com/plugins/nessus/77197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77197);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-3544\", \"CVE-2013-4322\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0119\");\n\n script_name(english:\"SuSE 11.3 Security Update : tomcat6 (SAT Patch Number 9487)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomcat has been updated to version 6.0.41, which brings security and\nbug fixes.\n\nThe following security fixes have been fixed :\n\n - A XXE vulnerability via user-supplied XSLTs.\n (CVE-2014-0096)\n\n - Request smuggling via malicious content length header.\n (CVE-2014-0099)\n\n - A XML parser hijack by malicious web application. Bugs\n fixed:. (CVE-2014-0119)\n\n - Socket bind fails on tomcat startup when using apr\n (IPV6). (bnc#881700)\n\n - classpath for org/apache/juli/logging/LogFactory\n (bnc#844689)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=880348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4322.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0096.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0099.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0119.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9487.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libtcnative-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-jsp-2_1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-servlet-2_5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libtcnative-1-0-1.3.3-12.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-admin-webapps-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-docs-webapp-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-javadoc-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-jsp-2_1-api-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-lib-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-servlet-2_5-api-6.0.41-0.43.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tomcat6-webapps-6.0.41-0.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:14", "description": "It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThis update also fixes the following bugs :\n\n - The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code.\n\n - The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario.\n\nTomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : tomcat6 on SL6.x i386/srpm/x86_64 (20140709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20140709_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/76450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76450);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4322\", \"CVE-2014-0050\", \"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x i386/srpm/x86_64 (20140709)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThis update also fixes the following bugs :\n\n - The patch that resolved the CVE-2014-0050 issue\n contained redundant code. This update removes the\n redundant code.\n\n - The patch that resolved the CVE-2013-4322 issue\n contained an invalid check that triggered a\n java.io.EOFException while reading trailer headers for\n chunked requests. This update fixes the check and the\n aforementioned exception is no longer triggered in the\n described scenario.\n\nTomcat must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1407&L=scientific-linux-errata&T=0&P=424\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d82b881a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-72.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:13", "description": "Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "CentOS 6 : tomcat6 (CESA-2014:0865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat6", "p-cpe:/a:centos:centos:tomcat6-admin-webapps", "p-cpe:/a:centos:centos:tomcat6-docs-webapp", "p-cpe:/a:centos:centos:tomcat6-el-2.1-api", "p-cpe:/a:centos:centos:tomcat6-javadoc", "p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api", "p-cpe:/a:centos:centos:tomcat6-lib", "p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api", "p-cpe:/a:centos:centos:tomcat6-webapps", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2014-0865.NASL", "href": "https://www.tenable.com/plugins/nessus/76430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0865 and \n# CentOS Errata and Security Advisory 2014:0865 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76430);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0865\");\n\n script_name(english:\"CentOS 6 : tomcat6 (CESA-2014:0865)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix three security issues and two bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant\ncode. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer\nheaders for chunked requests. This update fixes the check and the\naforementioned exception is no longer triggered in the described\nscenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-July/020403.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef2c2218\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0075\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-admin-webapps-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-docs-webapp-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-el-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-javadoc-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-lib-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tomcat6-webapps-6.0.24-72.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:27", "description": "Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2014:0865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0865.NASL", "href": "https://www.tenable.com/plugins/nessus/76446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0865. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76446);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0865\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2014:0865)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tomcat6 packages that fix three security issues and two bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant\ncode. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer\nheaders for chunked requests. This update fixes the check and the\naforementioned exception is no longer triggered in the described\nscenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tomcat.apache.org/security-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0099\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0865\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-72.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-72.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:35:25", "description": "From Red Hat Security Advisory 2014:0865 :\n\nUpdated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.", "cvss3": {}, "published": "2014-07-10T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : tomcat6 (ELSA-2014-0865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4322", "CVE-2014-0050", "CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2014-0865.NASL", "href": "https://www.tenable.com/plugins/nessus/76442", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0865 and \n# Oracle Linux Security Advisory ELSA-2014-0865 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76442);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\");\n script_bugtraq_id(65400, 65767, 67667, 67668, 67671);\n script_xref(name:\"RHSA\", value:\"2014:0865\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2014-0865)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0865 :\n\nUpdated tomcat6 packages that fix three security issues and two bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nIt was discovered that Apache Tomcat did not limit the length of chunk\nsizes when using chunked transfer encoding. A remote attacker could\nuse this flaw to perform a denial of service attack against Tomcat by\nstreaming an unlimited quantity of data, leading to excessive\nconsumption of server resources. (CVE-2014-0075)\n\nIt was found that Apache Tomcat did not check for overflowing values\nwhen parsing request content length headers. A remote attacker could\nuse this flaw to perform an HTTP request smuggling attack on a Tomcat\nserver located behind a reverse proxy that processed the content\nlength header correctly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in Apache Tomcat allowed the definition of XML External\nEntities (XXEs) in provided XSLTs. A malicious application could use\nthis to circumvent intended security restrictions to disclose\nsensitive information. (CVE-2014-0096)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat\nProduct Security.\n\nThis update also fixes the following bugs :\n\n* The patch that resolved the CVE-2014-0050 issue contained redundant\ncode. This update removes the redundant code. (BZ#1094528)\n\n* The patch that resolved the CVE-2013-4322 issue contained an invalid\ncheck that triggered a java.io.EOFException while reading trailer\nheaders for chunked requests. This update fixes the check and the\naforementioned exception is no longer triggered in the described\nscenario. (BZ#1095602)\n\nAll Tomcat 6 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Tomcat must\nbe restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-July/004220.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-72.el6_5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-72.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:45:59", "description": "Updated Red Hat JBoss Enterprise Application Platform 6.3.2 packages that fix three security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nIt was discovered that the Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nIt was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4j that rely on SAML for authentication. (CVE-2014-3623)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.2 on Red Hat Enterprise Linux 5, 6, and 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.", "cvss3": {}, "published": "2014-12-22T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:2019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2014-3623"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:apache-cxf", "p-cpe:/a:redhat:enterprise_linux:wss4j", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2014-2019.NASL", "href": "https://www.tenable.com/plugins/nessus/80159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:2019. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80159);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-3577\", \"CVE-2014-3623\");\n script_xref(name:\"RHSA\", value:\"2014:2019\");\n\n script_name(english:\"RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:2019)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Red Hat JBoss Enterprise Application Platform 6.3.2 packages\nthat fix three security issues are now available for Red Hat\nEnterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that the Apache CXF incorrectly extracted the host\nname from an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153,\nCVE-2014-3577)\n\nIt was found that Apache WSS4J (Web Services Security for Java), as\nused by Apache CXF with the TransportBinding, did not, by default,\nproperly enforce all security requirements associated with SAML\nSubjectConfirmation methods. A remote attacker could use this flaw to\nperform various types of spoofing attacks on web service endpoints\nsecured by WSS4j that rely on SAML for authentication. (CVE-2014-3623)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.2 on\nRed Hat Enterprise Linux 5, 6, and 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:2019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3623\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-cxf and / or wss4j packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-cxf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:wss4j\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:2019\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL5\", reference:\"apache-cxf-2.7.12-1.SP1_redhat_5.1.ep6.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"wss4j-1.6.16-2.redhat_3.1.ep6.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"apache-cxf-2.7.12-1.SP1_redhat_5.1.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"wss4j-1.6.16-2.redhat_3.1.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"apache-cxf-2.7.12-1.SP1_redhat_5.1.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"wss4j-1.6.16-2.redhat_3.1.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache-cxf / wss4j\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T16:22:04", "description": "An update of the commons package has been released.", "cvss3": {}, "published": "2020-09-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Commons PHSA-2020-3.0-0141", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5783", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2020-09-22T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:commons", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0141_COMMONS.NASL", "href": "https://www.tenable.com/plugins/nessus/140702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0141. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140702);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2012-5783\", \"CVE-2014-3577\", \"CVE-2015-5262\");\n script_bugtraq_id(58073, 69258, 77110);\n\n script_name(english:\"Photon OS 3.0: Commons PHSA-2020-3.0-0141\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the commons package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-141.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3577\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:commons\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', reference:'commons-httpclient-3.1-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'commons');\n}\n\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T14:48:46", "description": "It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section.", "cvss3": {}, "published": "2016-01-19T00:00:00", "type": "nessus", "title": "Debian DSA-3447-1 : tomcat7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4444", "CVE-2014-0075", "CVE-2014-0099", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-7810"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3447.NASL", "href": "https://www.tenable.com/plugins/nessus/87979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3447. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87979);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7810\");\n script_xref(name:\"DSA\", value:\"3447\");\n\n script_name(english:\"Debian DSA-3447-1 : tomcat7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3447\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tomcat7 packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 7.0.28-4+deb7u3. This update also provides fixes for\nCVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and\nCVE-2014-0230, which were all fixed for the stable distribution\n(jessie) already.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:38:01", "description": "Red Hat Enterprise Virtualization Manager 3.5.0 is now available.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nIt was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)\n\nA Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API.\n(CVE-2014-0151)\n\nIt was found that the oVirt web admin interface did not include the HttpOnly flag when setting session IDs with the Set-Cookie header.\nThis flaw could make it is easier for a remote attacker to hijack an oVirt web admin session by leveraging a cross-site scripting (XSS) vulnerability. (CVE-2014-0154)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.\n\nThese updated Red Hat Enterprise Virtualization Manager packages also include numerous bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Virtualization 3.5 Manager Release Notes document, linked to in the References, for information on the most significant of these changes.\n\nAll Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.", "cvss3": {}, "published": "2015-09-01T00:00:00", "type": "nessus", "title": "RHEL 6 : Virtualization Manager (RHSA-2015:0158)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-0151", "CVE-2014-0154", "CVE-2014-3577"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhevm", "p-cpe:/a:redhat:enterprise_linux:rhevm-backend", "p-cpe:/a:redhat:enterprise_linux:rhevm-dbscripts", "p-cpe:/a:redhat:enterprise_linux:rhevm-extensions-api-impl", "p-cpe:/a:redhat:enterprise_linux:rhevm-extensions-api-impl-javadoc", "p-cpe:/a:redhat:enterprise_linux:rhevm-lib", "p-cpe:/a:redhat:enterprise_linux:rhevm-restapi", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-base", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-allinone", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine-common", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-websocket-proxy", "p-cpe:/a:redhat:enterprise_linux:rhevm-tools", "p-cpe:/a:redhat:enterprise_linux:rhevm-userportal", "p-cpe:/a:redhat:enterprise_linux:rhevm-webadmin-portal", "p-cpe:/a:redhat:enterprise_linux:rhevm-websocket-proxy", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0158.NASL", "href": "https://www.tenable.com/plugins/nessus/85712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0158. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85712);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2012-6153\", \"CVE-2014-0151\", \"CVE-2014-0154\", \"CVE-2014-3577\");\n script_xref(name:\"RHSA\", value:\"2015:0158\");\n\n script_name(english:\"RHEL 6 : Virtualization Manager (RHSA-2015:0158)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Enterprise Virtualization Manager 3.5.0 is now available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat Enterprise Virtualization Manager is a visual tool for\ncentrally managing collections of virtual servers running Red Hat\nEnterprise Linux and Microsoft Windows. This package also includes the\nRed Hat Enterprise Virtualization Manager API, a set of scriptable\ncommands that give administrators the ability to perform queries and\noperations on Red Hat Enterprise Virtualization Manager.\n\nThe Manager is a JBoss Application Server application that provides\nseveral interfaces through which the virtual environment can be\naccessed and interacted with, including an Administration Portal, a\nUser Portal, and a Representational State Transfer (REST) Application\nProgramming Interface (API).\n\nIt was discovered that the HttpClient incorrectly extracted the host\nname from an X.509 certificate subject's Common Name (CN) field. A\nman-in-the-middle attacker could use this flaw to spoof an SSL server\nusing a specially crafted X.509 certificate. (CVE-2012-6153,\nCVE-2014-3577)\n\nA Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST\nAPI. A remote attacker could provide a specially crafted web page\nthat, when visited by a user with a valid REST API session, would\nallow the attacker to trigger calls to the oVirt REST API.\n(CVE-2014-0151)\n\nIt was found that the oVirt web admin interface did not include the\nHttpOnly flag when setting session IDs with the Set-Cookie header.\nThis flaw could make it is easier for a remote attacker to hijack an\noVirt web admin session by leveraging a cross-site scripting (XSS)\nvulnerability. (CVE-2014-0154)\n\nThe CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nThese updated Red Hat Enterprise Virtualization Manager packages also\ninclude numerous bug fixes and various enhancements. Space precludes\ndocumenting all of these changes in this advisory. Users are directed\nto the Red Hat Enterprise Virtualization 3.5 Manager Release Notes\ndocument, linked to in the References, for information on the most\nsignificant of these changes.\n\nAll Red Hat Enterprise Virtualization Manager users are advised to\nupgrade to these updated packages, which resolve these issues and add\nthese enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0151\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-backend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-dbscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-extensions-api-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-extensions-api-impl-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-restapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-allinone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-userportal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-webadmin-portal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0158\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"rhevm-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-backend-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-backend-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-dbscripts-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-dbscripts-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-extensions-api-impl-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-extensions-api-impl-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-extensions-api-impl-javadoc-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-extensions-api-impl-javadoc-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-lib-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-lib-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-restapi-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-restapi-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-base-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-base-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-allinone-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-allinone-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-ovirt-engine-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-ovirt-engine-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-ovirt-engine-common-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-ovirt-engine-common-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-websocket-proxy-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-websocket-proxy-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-tools-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-tools-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-userportal-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-userportal-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-webadmin-portal-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-webadmin-portal-3.5.0-0.29.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-websocket-proxy-3.5.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-websocket-proxy-3.5.0-0.29.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhevm / rhevm-backend / rhevm-dbscripts / rhevm-extensions-api-impl / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-12T21:35:10", "description": "## Summary\n\nIBM SONAS is shipped with Apache Tomcat, for which fixes are available for five security vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: ** \n[_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n[_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n[_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n[_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n \n**DESCRIPTION:** \nApache Tomcat is used in IBM SONAS for providing graphical user interface for the purpose of administering the system. \n \nApache Tomcat is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93365_](<http://xforce.iss.net/xforce/xfdb/93365>) for the current score \n\n \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93367_](<http://xforce.iss.net/xforce/xfdb/93367>) for the current score \n\n \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in parsing HTTP requests. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93369_](<http://xforce.iss.net/xforce/xfdb/93369>) for the current score \n\n \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in transforming data from XML format to other formats. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93368_](<http://xforce.iss.net/xforce/xfdb/93368>) for the current score \n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.3.0.0 to 1.4.3.3\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.4.3.4 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.4 or a later version, so that the fix gets applied.\n\n## ", "cvss3": {}, "published": "2018-06-18T00:08:32", "type": "ibm", "title": "Security Bulletin: Apache Tomcat security vulnerability issues on IBM SONAS (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-18T00:08:32", "id": "BF02F346F8040935042888E37E57388C99CFE5C1481423006521CE138806F10B", "href": "https://www.ibm.com/support/pages/node/689933", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:14", "description": "## Summary\n\nApache Tomcat is vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID:** [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>)\n\n \n \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE ID:** [CVE-2014-0096](<https://vulners.com/cve/CVE-2014-0096>) \n \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID:** [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE ID:** [CVE-2014-0119](<https://vulners.com/cve/CVE-2014-0119>) \n \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench versions: \n\n * All 8.0.x\n * All 8.5.0.x\n \nVersions 8.5.1 and later are unaffected as they do not use Apache Tomcat. \n\n## Remediation/Fixes\n\nThe fixes for the CVEs mentioned above have been incorporated into the 7.0.54 release of Apache Tomcat. You should upgrade your installation by following the instructions below. \n\n\n 1. Download the fix for your product from Fix Central:\n * Rational Test Workbench - [**7.0.54-Rational-RTW-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Workbench&release=All&platform=All&function=fixId&fixids=7.0.54-Rational-RTW-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n * Rational Test Virtualization Server - [**7.0.54-Rational-RTVS-Tomcat-zip**](<http://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Virtualization+Server&release=All&platform=All&function=fixId&fixids=7.0.54-Rational-RTVS-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n[](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Test+Virtualization+Server&release=All&platform=All&function=fixId&fixids=7.0.54-Rational-RTVS-Tomcat-zip&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n\n* Unzip the downloaded file to a directory. \n \n\n* Stop the server. \n \n\n* In the existing RTCP installation, save the files logging.properties and server.xml to a separate location. \n \nThe default installation locations for these files are:\n\n * Windows: `C:\\Program Files\\IBM\\RationalTestControlPanel\\conf\\`\n * AIX, Linux, Solaris: `/opt/IBM/RationalTestControlPanel/conf/ \n \n`\n* Copy the contents of the unzipped Tomcat directory (except for the LICENSE file) into the `RationalTestControlPanel` directory, overwriting the existing files. \n \n\n* Copy the two configuration files you saved earlier back into `/conf`. \n \n\n* Start the server.\n \n**Notes:**\n\n * When updating an installation to a later version of Rational Test Control Panel, the security fix detailed above will have to be re-applied after the RTCP update\n * When removing an installation that has had the security fix applied, not all the files will be removed by IBM Installation Manager, and some files will have to be removed manually.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:56:14", "type": "ibm", "title": "Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T04:56:14", "id": "C8BE73C4E7057D8E5549AED30F58BE7C02D764368946F222F073AD95FC7463AB", "href": "https://www.ibm.com/support/pages/node/245401", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-12T21:35:11", "description": "## Summary\n\nIBM Storwize V7000 Unified is shipped with Apache Tomcat, for which fixes are available for four security vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: ** \n[_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n[_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n[_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n[_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n \n**DESCRIPTION:** \nApache Tomcat is used in IBM Storwize V7000 Unified for providing graphical user interface for the purpose of administering the system. \n \n**CVE-2014-0075** \nApache Tomcat is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93365_](<http://xforce.iss.net/xforce/xfdb/93365>) for the current score \n\n \n**CVE-2014-0096** \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93367> for the current score \n \n**CVE-2014-0099** \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in parsing HTTP requests. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93369_](<http://xforce.iss.net/xforce/xfdb/93369>) for the current score \n\n \n**CVE-2014-0119** \nApache Tomcat could allow a remote attacker to obtain sensitive information. This could result from a flaw in transforming data from XML format to other formats. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93368> for the current score \n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.3.0.0 to 1.4.3.3 and also 1.5.0.0 and 1.5.0.1\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.4.3.4 and 1.5.0.2 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.4.3.4 or 1.5.0.2 or a later version, so that the fix gets applied.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:08:28", "type": "ibm", "title": "Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified (CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-18T00:08:28", "id": "6E576C2CB4D4BBA1032374CAD5E52D25D35C49BA3CF8B212C76E104CF2FFB067", "href": "https://www.ibm.com/support/pages/node/689913", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:07", "description": "## Summary\n\nMultiple security vulnerabilities exist in the Tomcat that is shipped with the Rational Insight.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \nThe Jazz Team Server installed with Rational Insight for Data Collection Component (DCC) and Jazz Reporting Service (JRS) is based on the Tomcat server. The May 2014 X-Force Report reported the following security vulnerabilities. Some steps would be required to fix those issues. \n \n \n**CVE-ID:** [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0095](<https://vulners.com/cve/CVE-2014-0095>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0096](<https://vulners.com/cve/CVE-2014-0096>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0119](<https://vulners.com/cve/CVE-2014-0119>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the recommended fixes to all affected versions of Rational Insight as soon as practical. \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24038146>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24038146>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [Cognos Business Intelligence 10.2.1 Fix Pack 2](<http://www-01.ibm.com/support/docview.wss?uid=swg24036866>). \nReview technote [1679283: Install a Cognos Business Intelligence 10.2.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>) \n**Rational Insight 1.1.1.4 ** \n \n\n\n * Download the [Rational Insight 1.1.1.5 release](<https://jazz.net/downloads/rational-insight/releases/1.1.1.5?p=allDownloads>). \nReview the topics related to DCC and JRS in [_Upgrading Rational Insight_](<http://www-01.ibm.com/support/knowledgecenter/SSRL5J_1.1.1.5/com.ibm.rational.raer.migrating.doc/topics/c_upgrade_overview.html>) for the detailed instructions for upgrading respective components from Rational Insight 1.1.1.4 to 1.1.1.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:56:52", "type": "ibm", "title": "Security Bulletin: Rational Insight - Open Source Tomcat reported in May 2014 X-Force Report", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T04:56:52", "id": "39E0A8E42AF49F2179F0B050D210E6D8104FD0358E58AD9DC5049A5A5791989D", "href": "https://www.ibm.com/support/pages/node/248405", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:51:06", "description": "## Summary\n\nMultiple security vulnerabilities have been discovered in the Apache Tomcat component bundled with IBM QRadar versions 7.1.x and 7.2.x.\n\n## Vulnerability Details\n\n \n**CVE-ID: **[_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n_CVSS Base Score: 5_ \n_CVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/93365__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>)_ for more information_ \n_CVSS Environmental Score*: Undefined_ \n_CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)_ \n \n \n \n**CVE-ID: **[_CVE-2014-0095_](<https://vulners.com/cve/CVE-2014-0095>) \n \n**Description: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n_CVSS Base Score: 4.3_ \n_CVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/93366__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366>)_ for more information_ \n_CVSS Environmental Score*: Undefined_ \n_CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)_ \n \n \n \n**CVE-ID: **[_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n_CVSS Base Score: 4.3_ \n_CVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/93367__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>)_ for more information_ \n_CVSS Environmental Score*: Undefined_ \n_CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)_ \n \n \n \n**CVE-ID: **[_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n_CVSS Base Score: 5_ \n_CVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/93369__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>)_ for more information_ \n_CVSS Environmental Score*: Undefined_ \n_CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)_ \n \n \n**CVE-ID: **[_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n_CVSS Base Score: 5_ \n_CVSS Temporal Score: See _[__https://exchange.xforce.ibmcloud.com/vulnerabilities/93368__](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>)_ for more information_ \n_CVSS Environmental Score*: Undefined_ \n_CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)_\n\n## Affected Products and Versions\n\n * * IBM QRadar 7.1.x \n * IBM QRadar 7.2.x\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available. \n \n \n\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_IBM QRadar _| _7.1 MR2_| [7.1.0-QRADAR-QRSIEM-962104](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-962104&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n_IBM QRadar_| 7.2 MR3| [7.2.3-QRADAR-QRSIEM-931999](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.3-QRADAR-QRSIEM-931999&includeRequisites=0&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:19:58", "type": "ibm", "title": "Security Bulletin: Multiple Apache Tomcat vulnerabilities in QRadar (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-16T21:19:58", "id": "0BBFF5ACCE3BB85B4B009BE1151FB259BD27E60CC9166A10FE3D48B5D6499E15", "href": "https://www.ibm.com/support/pages/node/253079", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:44:43", "description": "## Summary\n\nPrevious releases of IBM UrbanCode Deploy are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the server or obtain sensitive information.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVE-ID:** [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0095](<https://vulners.com/cve/CVE-2014-0095>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0096](<https://vulners.com/cve/CVE-2014-0096>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0119](<https://vulners.com/cve/CVE-2014-0119>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.1, 6.1.0.1 and 6.1.0.2 on all supported platforms.\n\n## Remediation/Fixes\n\nFor affected versions of IBM UrbanCode Deploy 6.1, upgrade to [IBM UrbanCode Deploy Interim Fix 1 for 6.1.0.2](<http://www.ibm.com/support/docview.wss?uid=swg24038296>) or later. \n \nFor affected versions of IBM UrbanCode Deploy 6.0, upgrade to [IBM UrbanCode Deploy Fix Pack 6 (6.0.1.6) for 6.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24038295>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:31:52", "type": "ibm", "title": "Security Bulletin: Apache Tomcat Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T22:31:52", "id": "AD8E660250C2C89BB2D58BF124515BD0BFFA5E94B9B8B65817709BA231BB81C4", "href": "https://www.ibm.com/support/pages/node/248423", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:47:25", "description": "## Summary\n\nTivoli Netcool Service Quality Manager is affected by the Open Source Apache Tomcat vulnerabilities.\n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>), [_CVE-2014-0095_](<https://vulners.com/cve/CVE-2014-0095>), [_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>), [_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>), [_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n \n**DESCRIPTION: ** \nTivoli Netcool Service Quality Manager is affected by a problem with the handling of certain malformed request headers. The implementation can, under specific conditions, cause denial of service or access to the application memory. \n \nThis issue can affect the availability or confidentiality of the system. This vulnerability can be remotely exploited, authentication is not required and the exploit is moderately complex. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)\n\n## Affected Products and Versions\n\nTivoli Netcool Service Quality Manager 4.1.4.\n\n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch. \n \nThe interim fix 4.1.4-TIV-TNSQM-IF0017 could be downloaded from the IBM Fix Central site: \n[](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=4.1.4-TIV-TNSQM-IF0019>) \n[_http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=4.1.4-TIV-_](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=4.1.4-TIV-TNSQM-IF0019>) \n[_NSQM-IF0019_](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=4.1.4-TIV-TNSQM-IF0019>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-17T14:47:05", "type": "ibm", "title": "Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the Open Source Tomcat vulnerabilities (CVE-2014-0075 CVE-2014-0095 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T14:47:05", "id": "A58C823EBA17BCA1EF2E03A022AD459615777F04304CD5155A2E49671A228600", "href": "https://www.ibm.com/support/pages/node/247887", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:06", "description": "## Summary\n\nThis security bulletin is a notice of security vulnerabilities in IBM Runtime Environment, Java Technology Edition and Apache Tomcat server which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVEID: **[_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**Description: **An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE-ID:** [_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n**Description: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID: **[_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score: **4.3 \n**CVSS Temporal Score: **See<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID: **[_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID: **[_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\n**Product**\n\n| **Version** \n---|--- \nRational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix003 \nRational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix004 \nRational Directory Administrator| 6.0 and 6.0.0.1 \n \n## Remediation/Fixes\n\nUpgrade to one of the following releases: \n \n\n\n**Product**| **Download link** \n---|--- \nIBM Rational Directory Server 5.2 (Tivoli)| [_RDS 5.2.1 iFix004_](<http://www.ibm.com/support/docview.wss?uid=swg24038408>) \nIBM Rational Directory Server 5.1.1 (Apache)| [_RDS 5.1.1.2 iFix005_](<http://www.ibm.com/support/docview.wss?uid=swg24038401>) \nIBM Rational Directory Administrator 6.0 or 6.0.0.1| [_RDA 6.0.0.1 iFix001_](<http://www.ibm.com/support/docview.wss?uid=swg24038409>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:57:15", "type": "ibm", "title": "Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2014-4263, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-4263"], "modified": "2018-06-17T04:57:15", "id": "527C030C003106EDF08727B98AC10682E8DE0D0F67A43A4BBB5A977ECA249116", "href": "https://www.ibm.com/support/pages/node/251137", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:44:42", "description": "## Summary\n\nPrevious releases of IBM UrbanCode Release are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the server or obtain sensitive information.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVE-ID:** [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0095](<https://vulners.com/cve/CVE-2014-0095>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID:** [CVE-2014-0096](<https://vulners.com/cve/CVE-2014-0096>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID:** [CVE-2014-0119](<https://vulners.com/cve/CVE-2014-0119>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM UrbanCode Release v6.0, v6.0.0.1, v6.0.1, v6.0.1.1, v6.0.1.2, v6.0.1.3, v6.0.1.4, and v6.1 on all supported platforms.\n\n## Remediation/Fixes\n\nFor affected version 6.1 of IBM UrbanCode Release, upgrade to [_IBM UrbanCode Release version 6.1.0.1_](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/UrbanCode+Release&release=All&platform=All&function=fixId&fixids=6.1.0.1-UrbanCode-Release&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) or later. For all versions of 6.0 install [IBM UrbanCode Release version 6.0.1.4.ifix01](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/UrbanCode+Release&release=All&platform=All&function=fixId&fixids=6.0.1.4-UrbanCode-Release-ifix-001&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:31:52", "type": "ibm", "title": "Security Bulletin: Apache Tomcat Vulnerabilities in IBM UrbanCode Release (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T22:31:52", "id": "5BBDE78129FEC8626D9A3FA259F12B0C48A3E43B97DC04EDCAF9F91129AA8643", "href": "https://www.ibm.com/support/pages/node/247487", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:17", "description": "## Summary\n\nSecurity vulnerabilities exist in Apache Tomcat May 2014 X-Force Report that is shipped with IBM WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4\n\n## Vulnerability Details\n\n**CVE ID: **[**CVE-2014-0075**](<https://vulners.com/cve/CVE-2014-0075>)\n\n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service.\n\n**CVSS:**\n\n**CVSS Base Score:** 5\n\n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for the current score \n\n**CVSS Environmental Score*:** Undefined\n\n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n \n \n**CVE ID: **[**CVE-2014-0096**](<https://vulners.com/cve/CVE-2014-0096>)\n\n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.\n\n**CVSS:**\n\n**CVSS Base Score:** 4.3\n\n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for the current score \n\n**CVSS Environmental Score*:** Undefined\n\n**CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)**\n\n \n \n**CVE ID: **[**CVE-2014-0119**](<https://vulners.com/cve/CVE-2014-0119>)\n\n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information.\n\n**CVSS:**\n\n**CVSS Base Score:** 5\n\n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for the current score \n\n**CVSS Environmental Score*:** Undefined\n\n**CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)**\n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 2.1.1.6 \nWebSphere Application Server Community Edition 3.0.0.4\n\n## Remediation/Fixes\n\nPlease follow the instruction below. \n\n**WASCE 2.1.1.6**\n\n1.Please download the patch file.![patchFor2.1.1.6.zip](/support/pages/system/files/support/swg/swgtech.nsf/0/0012fbac0a5124f285257d6d00122ae3/RemediationFixes/0.12E.gif)patchFor2.1.1.6.zip\n\n2.Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file replace the ones in the server installation directory.\n\n3.Start WASCE 2.1.1.6 server.\n\n**WASCE 3.0.0.4**\n\n1.Please download the patch file.![patchFor3.0.0.4.zip](/support/pages/system/files/support/swg/swgtech.nsf/0/0012fbac0a5124f285257d6d00122ae3/RemediationFixes/0.85A.gif)patchFor3.0.0.4.zip\n\n2.Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file replace the ones in the server installation directory.\n\n3.Start WASCE 3.0.0.4 server with the cache cleaned, for example,\n\n**Window**\n\n \n<WAS_CE_HOME>\\bin\\startup -c \n**Unix/Linux** \n<WAS_CE_HOME>/bin/startup.sh -c \n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4\uff08CVE-2014-0075, CVE-2014-0096 and CVE-2014-0119\uff09", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0119"], "modified": "2018-06-15T07:01:50", "id": "1B6B6F798AFCB29081D407FF7387CA748CFEEF00BC950E79BD8FDF3533DED480", "href": "https://www.ibm.com/support/pages/node/254871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:15:23", "description": "## Summary\n\nTomcat is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n \n**CVEID**: [_CVE-2013-4444_](<https://vulners.com/cve/CVE-2013-4444>) \n**Description**: Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system. \nCVSS Base Score: 6.0 \nCVSS Temporal Score: [_http://xforce.iss.net/xforce/xfdb/95876_](<http://xforce.iss.net/xforce/xfdb/95876>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n \n**CVEID**: [_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93365_](<http://xforce.iss.net/xforce/xfdb/93365>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID**: [_CVE-2014-0095_](<https://vulners.com/cve/CVE-2014-0095>) \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93366_](<http://xforce.iss.net/xforce/xfdb/93366>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n**CVEID**: [_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93367_](<http://xforce.iss.net/xforce/xfdb/93367>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID**: [_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93369_](<http://xforce.iss.net/xforce/xfdb/93369>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID**: [_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/93368_](<http://xforce.iss.net/xforce/xfdb/93368>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID**: [_CVE-2014-0227_](<https://vulners.com/cve/CVE-2014-0227>) \n**Description**: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base Score: 4.300 \nCVSS Temporal Score: [_http://xforce.iss.net/xforce/xfdb/100751_](<http://xforce.iss.net/xforce/xfdb/100751>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVE****-ID**:** **[_CVE-2014-0230_](<https://vulners.com/cve/CVE-2014-0230>)** ** \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by an error when uploading files. An attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 5.000 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102131_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102131>) for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nPower HMC V7.7.3.0 \nPower HMC V7.7.8.0 \nPower HMC V7.7.9.0 \nPower HMC V8.1.0.0 \nPower HMC V8.2.0.0\n\n## Remediation/Fixes\n\nThe Following fixes are available on IBM Fix Central at <http://www-933.ibm.com/support/fixcentral/>\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB03905| Apply eFix MH01517 \nPower HMC| V7.7.8.0 SP2| MB03906| Apply eFix MH01518 \nPower HMC| V7.7.9.0 SP2| MB03907| Apply eFix MH01519 \nPower HMC| V8.8.1.0| MB03834| Apply Service Pack MH01452 (SP2) \nPower HMC| V8.8.2.0 SP1| MB03910| Apply eFix MH01521 \n \n**Note**: \n1\\. For unsupported releases IBM recommends upgrading to a fixed, supported release of the product. \n2\\. After applying the PTF, you should restart the HMC. \n3\\. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called \"PERCS\" and \"IH\". End Of Service date for managing all other server models was 2013.05.31. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4444", "CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230"], "modified": "2021-09-23T01:31:39", "id": "941BE6546248546895E985D918A392B54ED0C65B26F1D77CFD98B3C980077115", "href": "https://www.ibm.com/support/pages/node/646257", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-08T02:32:38", "description": "## Summary\n\nApache Commons HttpClient 3.x (and few others) used do not verify the server hostname in the subject Common Name (CN) and allows Man-In-The-Middle (MITM) attack \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Control Desk| IBM Control Desk 7.6.x \nIBM SmartCloud Control Desk| 7.5.X \n \n\n\n## Remediation/Fixes\n\nTo fix the vulnerability related to Apache CommonsHttpClient, an alternate package from different provider under Apache have been used. \nNew commons-httpclient jar will mitigate existing vulnerabilities.\n\n## Workarounds and Mitigations\n\nNew commons-httpclient jar is used from a different provider under Apache.\n\n## ", "cvss3": {}, "published": "2022-12-12T13:16:13", "type": "ibm", "title": "Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2022-12-12T13:16:13", "id": "1F7A45CD4D73686FA6C9591207830D1B405EB9704E1C5F2BE5F439A0FE018D74", "href": "https://www.ibm.com/support/pages/node/6847289", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-23T21:49:05", "description": "## Summary\n\nPublic disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF: CVE-2012-6153, CVE-2014-3577\n\n## Vulnerability Details\n\nBrief Description: Apache HttpComponents CN spoofing \nCVE-ID: CVE-2012-6153 \nDescription: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95328 for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\nBrief Description: Apache HttpComponents certificate spoofing \nCVE-ID: CVE-2014-3577 \nDescription: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/95327 for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) CVE: CVE-2012-6153 \nCVE-2014-3577 \nReported CVSS: 4.300000190734863 IBM CVSS: 4.300000190734863 CVSS Detail: See full text\n\n## Affected Products and Versions\n\nIBM Spectrum LSF 10.0.0.4 \nIBM Spectrum LSF 10.0.0.5 \nIBM Spectrum LSF 10.0.0.6 \nIBM Spectrum LSF 10.0.0.7 \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \n \nLSF\n\n| \n\n10.1.0.4\n\n| \n\nNone\n\n| \n\nSee fix below \n \nLSF\n\n| \n\n10.1.0.5\n\n| \n\nNone\n\n| \n\nSee fix below \n \nLSF\n\n| \n\n10.1.0.6\n\n| \n\nNone\n\n| \n\nSee fix below \n \nLSF\n\n| \n\n10.1.0.7\n\n| \n\nNone\n\n| \n\nSee fix below \n \nDownload Fix 512358 from the following location: \n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0>)\n\n1) Go to the patch install directory: cd $LSF_ENVDIR/../10.1/install/\n\n2) Copy the patch file to the install directory $LSF_ENVDIR/../10.1/install/\n\n3) Run patchinstall: ./patchinstall <patch>\n\n4) Run \"badmin mbdrestart\"\n\n## ", "cvss3": {}, "published": "2019-03-01T14:10:02", "type": "ibm", "title": "Security Bulletin: Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2019-03-01T14:10:02", "id": "E305911F48B8615A61C080463D2FB319AA8513550446D28BC525EFF4F078588F", "href": "https://www.ibm.com/support/pages/node/874272", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:54:43", "description": "## Summary\n\nThere are two vulnerabilities in Apache HTTPComponents that are used in IBM WebSphere Application Server. Although IBM WebSphere Application server is not vulnerable to these, other products or applications that use these libraries could be vulnerable. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2012-6153_](<https://vulners.com/cve/CVE-2012-6153>)** \nDESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2014-3577_](<https://vulners.com/cve/CVE-2014-3577>)** \nDESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server \n\n * Version 8.5.5 Full Profile\n * Version 8.5 Full Profile\n * Version 8.0 \n\n## Remediation/Fixes\n\nThe interim fix for this issue hides the Apache HttpComponents from being visible to other products or applications. This is a change back to the original behavior in releases prior to Version 8. If you install the interim fix or the fixpack containing this APAR you may notice a change if your application is relying on the HttpComponents shipped by WebSphere Application Server. \nIf you see a NoClassDefFoundError observed after applying the fix, it is because the API in HttpComponents libraries are no longer visible to your application. \nTo resolve this error, your application may need to be updated to add the HttpComponents library into your application. Please refer to the Apache website for information and download: [Apache HttpComponents](<http://hc.apache.org/>) \n \n \nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing APAR PI50993 for each named product as soon as practical. \n** \n \nFor WebSphere Application Server:** ** \nFor V8.5.0.0 through 8.5.5.8 Full Profile:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PI50993](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)\n\n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.9 or later. \n\n \n\n\n**For V8.0 through 8.0.0.11:** \n\u00b7 Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix [PI50993](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040613>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039197>)\n\n\\--OR-- \n\u00b7 Apply Fix Pack 8.0.0.12 or later. \n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:46", "type": "ibm", "title": "Security Bulletin: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-15T07:03:46", "id": "CAFB095B3406AF2192C514E1DCBD9BDB8E1617F8C1D2D8B7AF74C17E99F59356", "href": "https://www.ibm.com/support/pages/node/269435", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:47:57", "description": "## Summary\n\nApache HttpComponents that are vulnerable to spoofing attacks are affecting Case Manager Client.\n\n## Vulnerability Details\n\n \nApache HttpComponents that are being utilized by the Forms widget in Case Manager Client when you are working with IBM Forms are vulnerable to spoofing attacks. \n \n**CVEID:** [_CVE-2012-6153_](<https://vulners.com/cve/CVE-2012-6153>) \n** \nDESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n\n**CVEID:** [_CVE-2014-3577_](<https://vulners.com/cve/CVE-2014-3577>)\n\n**DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Case Manager 5.1.1.0 - 5.1.1.2 \nIBM Case Manager 5.2.0.0 - 5.2.0.3 \nIBM Case Manager 5.2.1.0 - 5.2.1.2\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n_IBM Case Manager_| _5.2.1.3-FP003_| _PJ43827_| [_5.2.1.3-ICM-FP003_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/Case+Manager&release=5.2.1.0&platform=All&function=all>) \n_or later versions_ \n_IBM Case Manager_| _5.2.0.4-FP004_| _PJ44167_| [_5.2.0.4-ICM-FP004_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/Case+Manager&release=5.2.1.0&platform=All&function=all>) \n_or later versions_ \n_IBM Case Manager_| _5.1.1.3-IF002_| _PJ43886_| [_5.1.1.3-ICM-IF002_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/Case+Manager&release=5.2.1.0&platform=All&function=all>) \n_or later versions_ \n \nIBM Forms APAR LO85829 - <http://www.ibm.com/support/docview.wss?uid=swg21961713> \n \nIBM WebSphere APAR PI50993 - <http://www.ibm.com/support/docview.wss?uid=swg24041394> \n \nFor the complete fix, all of the above components need to be patched accordingly. \n\n## ", "cvss3": {}, "published": "2018-06-17T12:12:04", "type": "ibm", "title": "Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-17T12:12:04", "id": "01E57EA4FD7356FB5E72935EEB154521615A9345224BEDE9B60CA47FD8E5D4E3", "href": "https://www.ibm.com/support/pages/node/535791", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:52:02", "description": "## Summary\n\nApache HttpComponents vulnerabilities while verifying certificates was addressed by IBM InfoSphere Information Server.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2012-6153_](<https://vulners.com/cve/CVE-2012-6153>) \n**DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95328_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n\n**CVEID:** [_CVE-2014-3577_](<https://vulners.com/cve/CVE-2014-3577>) \n**DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95327_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nThe following product, running on all supported platforms, is affected: \nIBM InfoSphere Blueprint Director: versions 8.5, 8.7, 9.1 and 11.3 \nIBM InfoSphere Business Glossary Client for Eclipse: versions 8.5, 8.7, 9.1, 11.3 and 11.5 \nIBM InfoSphere Business Glossary: versions 8.7 and 9.1 \nIBM InfoSphere Data Quality Exception Console: versions 11.3 and 11.5 \nIBM InfoSphere FastTrack: versions 11.3 and 11.5 \nIBM InfoSphere Metadata Asset Manager: versions 8.7 and 9.1 \nIBM InfoSphere Metadata Workbench: versions 8.7 and 9.1 \nIBM InfoSphere Information Governance Catalog: versions 11.3 and 11.5 \nIBM InfoSphere Information Server Manager: versions 8.7, 9.1, 11.3, and 11.5 \nIBM InfoSphere DataStage XML Connector stage: versions 8.5, 8.7 and 9.1 \nIBM InfoSphere DataStage Hierarchical Data stage: versions 11.3 and 11.5 \nIBM InfoSphere DataStage Connectors: versions 8.5, 8.7, 9.1, 11.3 and 11.5 \nIBM ISALite for IBM InfoSphere Information Server: versions 11.3 and 11.5 \nIBM InfoSphere Information Server on Cloud: version 11.5\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server Business Glossary Client for Eclipse, Data Quality Exception Console, FastTrack, Information Governance Catalog, Information Server Manager, DataStage Hierarchical Data stage, Information Server on Cloud, ISALite and various DataStage Connectors| 11.5| [_JR55455_](<http://www.ibm.com/support/docview.wss?uid=swg1JR55455>)| **Install Infosphere Information Server 11.5 **[**_Fix Pack 2_**](<http://www.ibm.com/support/docview.wss?uid=swg22003149>) \n \n**\\--or--** \n \n**If you need to use Information Server 11.5 Fix Pack 1: \n \nRefer to IBM InfoSphere **[**_Governance rollup patch install instructions_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21999429>)** instead of performing the following steps.** \n \n**_Prior Instructions:_** \n\\--Apply IBM InfoSphere Information Server version 11.5 [_Fix Pack 1_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041893>) \n\\--If WebSphere Application Server is at version 8.5.5.9 or later, and ISF rollup patch 3 or later is not currently installed, [_JR55924 _](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR55924>)must be done before installing ISF Rollup 3 or later, as follows: \n\nCopy http*.jar files from C:\\IBM\\WebSphere\\AppServer\\profiles\\InfoSphere\\lib\\iis\\20thirdparty to C:\\IBM\\WebSphere\\AppServer\\profiles\\InfoSphere\\classes -and- <IIS Install>/ASBServer/apps/lib/iis/classes \n\\--Apply [](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR55455_services_multi>)[_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11501_JR55455_merged_services_engine_client_*>): \n\nThis patch contains \n1\\. InfoSphere Information Server Framework Rollup Patch 3 \n2\\. Data Quality Exception Console JR55455 \n3\\. FastTrack JR55455 \n4\\. DataStage Connectors JR55455 \n5\\. Hierarchical Data Stage Connector JR55455 \nIf you have installed any component patch that is newer than any of the above patches, please contact IBM Customer Support for the patches to be installed instead of the patch mentioned above. \\--For import of Amazon S3 assets in InfoSphere Metadata Asset Manager apply [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11501_ccS3_JR55455_engine_multi>) \n \n\\--Apply IBM InfoSphere [_Governance rollup patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=%20is11501_GOV_RU3_services_engine_*>) \n\\--Users of InfoSphere Information Governance Catalog that have turned ON runtime metadata delivery: \n\nApply InfoSphere DataStage [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11501_JR55455_dscore_server_*>) \n\\--Download and install the latest version of [_ISALite_](<http://www.ibm.com/support/docview.wss?uid=swg24022700>) \n \n\\--Cleanup the cache used by Information Server Manager and istool. See [TechNote 1995586](<http://www.ibm.com/support/docview.wss?uid=swg21995586>) for details. \n \n\\--InfoSphere Information Server Manager usage: \n\nOn each Windows client tier installation \nClose all instances of InfoSphere Information Server Manager (ISM). \nIn the directory \nC:\\IBM\\InformationServer\\Clients\\istools\\manager\\plugins remove the following jars org.apache.commons.codec_1.3.0.v20100518-1140.jar \norg.apache.commons.httpclient_3.1.0.v201005080502.jar \norg.apache.commons.logging_1.0.4.v201005080501.jar \nInfoSphere Information Server Blueprint Director, Business Glossary Client for Eclipse, Data Quality Exception Console, FastTrack, Information Governance Catalog, Information Server Manager, DataStage Hierarchical Data stage, ISALite and various DataStage Connectors| 11.3| [_JR55455_](<http://www.ibm.com/support/docview.wss?uid=swg1JR55455>)| \\--Apply IBM InfoSphere Information Server version [_11.3.1.2 _](<http://www-01.ibm.com/support/docview.wss?uid=swg24040138>) \n\\--If WebSphere Application Server is at version 8.5.5.9 or later, and ISF rollup patch 5 or later is not currently installed, [_JR55924 _](<http://www-01.ibm.com/support/docview.wss?uid=swg1JR55924>)must be done before installing ISF Rollup 5 or later, as follows: \n\nCopy http*.jar files from C:\\IBM\\WebSphere\\AppServer\\profiles\\InfoSphere\\lib\\iis\\20thirdparty to C:\\IBM\\WebSphere\\AppServer\\profiles\\InfoSphere\\classes -and- <IIS Install>/ASBServer/apps/lib/iis/classes \n\\--Apply [](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR55455_services_multi>)[_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_JR55455_merged_services_engine_client_*>): \n\nThis patch contains \n1\\. InfoSphere Information Server Framework Rollup Patch 5 \n2\\. Data Quality Exception Console JR55455 \n3\\. FastTrack JR55455 \n4\\. DataStage Connectors JR55455 \n5\\. Hierarchical Data Stage Connector JR55455 \n \nIf you have installed any component patch that is newer than any of the above patches, please contact IBM Customer Support for the patches to be installed instead of the patch mentioned above. \\--For import of Amazon S3 assets in InfoSphere Metadata Asset Manager apply [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_ccS3_JR55455_engine_multi>) \n \n\\--For IBM InfoSphere Information Governance Catalog, Business Glossary Client for Eclipse and Blueprint Director, apply [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_IGC_ru23_server_client_multi>) \n\\--Users of InfoSphere Information Governance Catalog that have turned ON runtime metadata delivery: \n\nApply InfoSphere DataStage [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is11312_JR55455_dscore_server_*>) \n\\--Download and install the latest version of [_ISALite_](<http://www.ibm.com/support/docview.wss?uid=swg24022700>) \n \n\\--Cleanup the cache used by Information Server Manager and istool. See [TechNote 1995586](<http://www.ibm.com/support/docview.wss?uid=swg21995586>) for details. \n \n\\--InfoSphere Information Server Manager usage: \n\nOn each Windows client tier installation \nClose all instances of InfoSphere Information Server Manager (ISM). \nIn the directory \nC:\\IBM\\InformationServer\\Clients\\istools\\manager\\plugins remove the following jars org.apache.commons.codec_1.3.0.v20100518-1140.jar \norg.apache.commons.httpclient_3.1.0.v201005080502.jar \norg.apache.commons.logging_1.0.4.v201005080501.jar \nInfoSphere Information Server Blueprint Director, Business Glossary Client for Eclipse, Business Glossary, Information Server Manager, Metadata Asset Manager, Metadata Workbench, DataStage XML Connector stage, and various DataStage Connectors \n| 9.1| [_JR55455_](<http://www.ibm.com/support/docview.wss?uid=swg1JR55455>)| \\--Apply IBM InfoSphere Information Server version [_9.1.2.0_](<http://www-01.ibm.com/support/docview.wss?uid=swg24035470>) \n\\--Apply IBM InfoSphere Metadata Asset Manager [_Rollup Patch 11_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_ru11_imam_server_client_multi>), and next \n\n\\--Apply IBM InfoSphere Metadata Asset Manager [](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR55455_IMAM_multi>)[_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_JR55455_imam_services_engine_client_multi>) \n\\--Apply IBM InfoSphere Business Glossary [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_JR56302_BG_server_engine_client_multi>) \n\\--Apply IBM InfoSphere Metadata Workbench [_Security patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is912_JR56302_MWB_server_engine_client_multi>) \n\\--Apply IBM InfoSphere DataStage Connectors [_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR55455_CC-Unstructured_engine_multi>) \n\\--Apply IBM InfoSphere DataStage XML Connector [](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR55455_XMLC_multi>)[_Security Patch_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR55455_xml_services_engine_client_multi>)\n\n \n\\--InfoSphere Information Server Manager usage: \n\nOn each Windows client tier installation \nClose all instances of InfoSphere Information Server Manager (ISM). \nIn the directory \nC:\\IBM\\InformationServer\\Clients\\istools\\manager\\plugins remove the following jars: org.apache.commons.codec_1.3.0.v20100518-1140.jar \norg.apache.commons.httpclient_3.1.0.v201005080502.jar \norg.apache.commons.logging_1.0.4.v201005080501.jar \n\\--IBM InfoSphere Business Glossary Client for Eclipse, and \nIBM InfoSphere Blueprint Director usage: \n\nContact IBM Customer Support \nInfoSphere Information Server Blueprint Director, Business Glossary Client for Eclipse, Business Glossary, Information Server Manager, Metadata Asset Manager, Metadata Workbench, and various DataStage Connectors| 8.7| [_JR55455_](<http://www.ibm.com/support/docview.wss?uid=swg1JR55455>)| \\--Contact IBM Customer Support \nInfoSphere Information Server Blueprint Director, Business Glossary Client for Eclipse, DataStage XML Connector stage, and various DataStage Connectors| 8.5| [_JR55455_](<http://www.ibm.com/support/docview.wss?uid=swg1JR55455>)| \\--Contact IBM Customer Support \n \nNote: \n1\\. The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. The fix pack should be installed first, and any additional patches required should be installed in the order shown. \n2\\. For IBM InfoSphere Information Server versions 8.5 and 8.7, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n\n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [_contacts for other countries_](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [_open a Service Request_](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:40:12", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2018-06-16T13:40:12", "id": "2941D52E6F881D5993E9C3236CA0451D0293C5A3807E5ADDCD4325AE37D01131", "href": "https://www.ibm.com/support/pages/node/277967", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:20", "description": "## Summary\n\nThere is a vulnerability in Apache Xalan-Java\u2122 used by Cognos BI Server in IBM Business Monitor.\n\n## Vulnerability Details\n\nFor vulnerability details, see the [Security Bulletin: Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460](<http://www.ibm.com/support/docview.wss?uid=swg21682740>) document.\n\n## Affected Products and Versions\n\nThis problem affects the following versions of the product: \n\nIBM Business Monitor Version 7.5.x\n\nIBM Business Monitor Version 8.0.1.x\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:35", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Cognos BI Server shipped with IBM Business Monitor (CVE-2014-0107)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0107", "CVE-2014-0119", "CVE-2014-0460", "CVE-2014-0878"], "modified": "2018-06-15T07:01:35", "id": "B569A853D72B998931834B4E507ABAC9BFD3A8D8EC956A6081EB37817B823603", "href": "https://www.ibm.com/support/pages/node/250879", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-08T02:25:14", "description": "## Summary\n\nIBM B2B Advanced Communications has addressed vulnerabilities in Apache HttpClient shipped with product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM B2B Advanced Communications| 1.0.0.x \nIBM Multi-Enterprise Integration Gateway| 1.0.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | \n\n**Version**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM B2B Advanced Communications\n\n| \n\n1.0.0.x\n\n| Apply fix pack [1.0.0.8](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \nIBM Multi-Enterprise Integration Gateway| \n\n1.0.0.1\n\n| Apply fix pack [1.0.0.8 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-02-20T07:01:38", "type": "ibm", "title": "Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache HttpClient", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262", "CVE-2020-13956"], "modified": "2023-02-20T07:01:38", "id": "F976E6D48149579C30755509014967F1B6A7163FEAAB9453EBE9572696C3DDDD", "href": "https://www.ibm.com/support/pages/node/6956846", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:54:56", "description": "## Summary\n\nA vulnerable version of Tomcat is included as part of IBM Cognos TM1. \n\n\n## Vulnerability Details\n\n**CVE-ID**: [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n**DESCRIPTION**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID**: [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n**DESCRIPTION**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos TM1 10.1.1.2 \nIBM Cognos TM1 10.2.0.2 \nIBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \nIBM Cognos TM1 10.1.1.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038887> \n \nIBM Cognos TM1 10.2.0.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038927> \n \nIBM Cognos TM1 10.2.2 Fix Pack 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038876>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T22:34:27", "type": "ibm", "title": "Security Bulletin: IBM Cognos TM1 is affected by the following Tomcat vulnerabilities: CVE-2014-0075, CVE-2014-0099", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2018-06-15T22:34:27", "id": "AD52780ADB1AA1A63A95666586BE3E3CBD0D8D672011DB568982D69F38937402", "href": "https://www.ibm.com/support/pages/node/522393", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:07", "description": "## Summary\n\nApache Tomcat has security vulnerabilities that can lead to a denial of service (DOS) attack or obtain sensitive information. To avoid this issue in IBM Rational Build Forge, you should use the latest version Apache Tomcat Server which contains the fix for these problems\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE-ID: **[**CVE-2014-0075**](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5** \nCVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for the current score.** \nCVSS Environmental Score*:** Undefined** \nCVSS Vector:**(AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n \n**CVE-ID: **[**CVE-2014-0099**](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n\n**CVSS Base Score:** 5** \nCVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for the current score.** \nCVSS Environmental Score*:** Undefined** \nCVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Rational Build Forge versions 7.1.2.\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of Build Forge: \n\n**Affected Version**| **Fix** \n---|--- \nBuild Forge 7.1.2.0 - 7.1.2.3| 7.1.2.3 iFix2 (not released yet) \n \n**Note:** If you need 7.1.2.3 iFix2, contact IBM support \n \n## Workarounds and Mitigations\n\nUpgrade Tomcat (which is in Build Forge installation directory). \n\nor \n\nUpgrade to [4037483: Rational Build Forge Fix Pack 2 (8.0.0.2) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24037483>).\n\n## ", "cvss3": {}, "published": "2018-06-17T04:56:28", "type": "ibm", "title": "Security Bulletin: Rational Build Forge Security Advisory (CVE-2014-0075, CVE-2014-0099)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2018-06-17T04:56:28", "id": "E92BF7B99962FB16CEF2791538750652168DC6B3E67B515B830DD2E9A7E83E17", "href": "https://www.ibm.com/support/pages/node/246461", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-08T02:18:09", "description": "## Summary\n\nApache HttpClient used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2011-1498, CVE-2012-5783, CVE-2012-6153, CVE-2014-3577,CVE-2015-5262\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2011-1498](<https://vulners.com/cve/CVE-2011-1498>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an unspecified error in HttpClient. An attacker could exploit this vulnerability to send the Proxy-Authorization header to the host and disclose the user's password. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/66241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/66241>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 -7.3.0.10 \n \n## Remediation/Fixes\n\nIn order to fix these vulnerabilities, Please follow below steps:\n\n**For TADDM 7.3.0.0-7.3.0.9, **Please upgrade your TADDM environment to 7.3.0.10 and then download the e-fix given in Table-1 and apply the e-fix.\n\n**For TADDM 7.3.0.10, **Please download the e-fix given in Table-1 and apply the e-fix.\n\n**Table-1**\n\nFix| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_apache_https_4.5.14_FP10221123.zip| \n\n7.3.0.10\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=CrKx6xuLnRjwkBcN8fiM8j0iluMzaH8ScFLWt3npfgM> \"Download eFix\" ) \n \n**Note:** Above e-fix is a custom e-fix, if there is no e-fix applied on your TADDM server, please applied it directly else please raise a case to TADDM Support team to get Custom e-fix.\n\nPlease refer to the table below to download TADDM FixPack 7.3.0.10.\n\n**Fix**| **How to acquire fix** \n---|--- \n7.3-TIV-ITADDM-FP00010| [Download FixPack](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=7.3-TIV-ITADDM-FP00010&source=SAR> \"Download FixPack\" ) \n \nPlease refer to the URL for TADDM FixPack 7.3.0.10 Release Notes containing more information about the update.\n\n<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-04-28T07:47:48", "type": "ibm", "title": "Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerabilities in Apache HttpClient", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-5783", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2023-04-28T07:47:48", "id": "E865AEC861081DF4FF67DBF0B04D3E134D71A5914681CD7C13E100D35E6CDBA7", "href": "https://www.ibm.com/support/pages/node/6985905", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:49:28", "description": "## Summary\n\nPrevious releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the Framework Server.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVE-ID:** [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID: **[CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Automation Framework 3.0.1.0, 3.0.1.1 and 3.0.1.2 on all supported platforms.\n\n## Remediation/Fixes\n\nUpgrade to [Rational Automation Framework Fix Pack 3 (3.0.1.3) for 3.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24038245>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:55:54", "type": "ibm", "title": "Security Bulletin: Open Source Tomcat vulnerabilities in May 2014 X-Force Report (CVE-2014-0075, CVE-2014-0099) for RAF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2018-06-17T04:55:54", "id": "7E79C8722B51CD34772D4E6422F113B07D7EBC673CFF21F6F2933AB8FEC145E8", "href": "https://www.ibm.com/support/pages/node/515785", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:38:37", "description": "## Summary\n\nWebsphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat reported in May 2014 X-Force Report .\n\n## Vulnerability Details\n\nWebsphere Message Broker and IBM Integration Bus are affected by CVE-2014-0075 and CVE-2014-0099. \n \n \n**CVE-ID: CVE-2014-0075** \nDescription: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVE-ID: CVE-2014-0099** \nDescription: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Message Broker V8.0 \n\nIBM Integration Bus V9.0 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nWebSphere message Broker \n| V8.0 \n| IT02891| The APAR is targeted to be available in fix pack 8.0.0.5. Prior to fix pack availability the APAR can be obtained on request from IBM Support \nIBM Integration Bus| V9.0| IT02891| The APAR is targeted to be available in fix pack 9.0.0.3. Prior to fix pack availability the APAR can be obtained on request from IBM Support \n \n \nThe planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at : \n[http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ](<http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006308>)\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2020-03-23T20:41:52", "type": "ibm", "title": "Security Bulletin: Websphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2020-03-23T20:41:52", "id": "43FBEEFC31F99AEB119439D6EF39666A16FB655D9FC959B3333EE94D3E086527", "href": "https://www.ibm.com/support/pages/node/251561", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-07T10:13:57", "description": "## Summary\n\nApache Tomcat is used by IBM FlashSystem 840 and V840 systems. Apache Tomcat has two vulnerabilities which an attacker could exploit. One vulnerability could be exploited to deny access to the system\u2019s Graphical User Interface (GUI) administrative interface. An attacker could exploit a second vulnerability to gain access to user credentials and use those to gain unauthorized administrative access to the system. \n\n## Vulnerability Details\n\n**1\\. CVE-ID: ** [_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: [_http://xforce.iss.net/xforce/xfdb/93365_](<http://xforce.iss.net/xforce/xfdb/93365>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**2\\. CVE-ID: ** [_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: [_http://xforce.iss.net/xforce/xfdb/93369_](<http://xforce.iss.net/xforce/xfdb/93369>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM FlashSystem 840: \nMachine Type 9840, model -AE1 (all supported releases before 1.1.3.2) \nMachine Type 9843, model -AE1 (all supported releases before 1.1.3.2) \n \nIBM FlashSystem V840: \nMachine Type 9846, model -AE1 (all supported releases before 1.1.3.2) \nMachine Type 9848, model -AE1 (all supported releases before 1.1.3.2) \nMachine Type 9846, models -AC0, & -AC1 (all supported releases before 7.3.0.8) \nMachine Type 9848, models -AC0, & -AC1 (all supported releases before 7.3.0.8)\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM FlashSystem 840 and V840 systems to the following code level or higher: \n \nfor 840 & V840 machine types 9840, 9846, & 9848, \u2013AE1 models: **1.1.3.2** \nfor V840 machine types 9846 & 9848, \u2013AC0 & -AC1 models: **7.3.0.8**\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Two (2) Vulnerabilities in Apache Tomcat affect IBM FlashSystem 840 and V840 systems (CVE-2014-0075 and CVE-2014-0099)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0099"], "modified": "2023-02-18T01:45:50", "id": "D6A44428CCED7D4414F45995089E4B50263CC2289068653B4C25B2BD80252892", "href": "https://www.ibm.com/support/pages/node/690135", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:38:53", "description": "## Summary\n\nThe Apache Tomcat application server in installations of IBM Rational DOORS Web Access version contains security vulnerabilities.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \nSome versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that contains security vulnerabilities. Apache Tomcat has been updated to incorporate fixes for these vulnerabilities. \n \nRational DOORS Web Access is affected by the following vulnerabilities: \n \n**CVE ID:** [CVE-2013-4322](<https://vulners.com/cve/CVE-2013-4322>)** \n** \n**Description:** Apache Tomcat is vulnerable to a denial of service, caused by an incomplete fix related to the processing of chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91625> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** ([_AV:N/AC:L/AU:N/C:N/I:N/A:P_](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-4322&vector=\$AV:N/AC:M/AU:N/C:N/I:N/A:P\$>)) \n \n \n**CVE ID:** [CVE-2013-4590 ](<https://vulners.com/cve/CVE-2013-4590>)** \n** \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when running untrusted web applications. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91424> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** [_(AV:N/AC:M/AU:N/C:P/I:N/A:N)_](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-4590&vector=\$AV:N/AC:M/AU:N/C:P/I:N/A:N\$>) \n \n \n**CVE ID:** [CVE-2014-0096 ](<https://vulners.com/cve/CVE-2014-0096>)** \n** \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** [_(AV:N/AC:M/AU:N/C:P/I:N/A:N)_](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-0096&vector=\$AV:N/AC:M/AU:N/C:P/I:N/A:N\$>) \n \n \n**CVE ID:** [CVE-2014-0099 ](<https://vulners.com/cve/CVE-2014-0099>)** \n** \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** [_(AV:N/AC:L/AU:N/C:P/I:N/A:N)_](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-0099&vector=\$AV:N/AC:M/AU:N/C:N/I:P/A:N\$>) \n \n \n**CVE ID:** [CVE-2014-0119 ](<https://vulners.com/cve/CVE-2014-0119>)** \n** \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** [_(AV:N/AC:L/AU:N/C:P/I:N/A:N)_](<http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2014-0119&vector=\$AV:N/AC:M/AU:N/C:P/I:N/A:N\$>)\n\n## Affected Products and Versions\n\nRational DOORS Web Access version 9.6.0, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4: \n(Note that these two vulnerabilities are not applicable in version 9.6.0.1 and later.) \n\n * CVE-2013-4322 with a CVSS of 4.3\n * CVE-2013-4590 with a CVSS of 4.3 \n\n \nRational DOORS Web Access version 9.6.0.x, 9.5.2.x, 9.5.1.x, 9.5.0.x, 1.5.0.x, 1.4.0.4: \n(Note that these three vulnerabilities are still applicable in version 9.6.0.1 and later.) \n\n * CVE-2014-0096 with a CVSS of 4.3\n * CVE-2014-0099 with a CVSS of 5\n * CVE-2014-0119 with a CVSS of 5\n\n## Remediation/Fixes\n\nYou can upgrade Apache Tomcat after installing Rational DOORS Web Access. \n\n \nTo obtain the updated version of the Apache Tomcat, [_contact IBM Support_](<https://www-947.ibm.com/support/servicerequest/Home.action?category=2>). \n \nSupport can help identify the latest Apache Tomcat that is compatible with your operating system and platform. Publicly available versions of the Apache Tomcat are not supported with Rational DOORS Web Access. \n \nThe following table presents Rational DOORS Web Access versions and the compatible versions of Apache Tomcat. \n \n**Rational DOORS Web Access**| **Apache Tomcat** \n---|--- \n1.4.0.4| 6.0.41 \n1.5.0.x| 6.0.41 \n9.5.0.x| 6.0.41 \n9.5.1.x| 6.0.41 \n9.5.2.x| 6.0.41 \n9.6.0.x| 7.0.54 \n \n \nAfter you obtain the Apache Tomcat update from Support do these steps: \n \n**Procedure:** \n\n\n 1. Go to the Rational DOORS Web Access installation directory. \n \nFor example: \n`C:\\Program Files (x86)\\IBM\\Rational\\DOORS Web Access\\9.version \n \n`\n 2. Rename the **server** directory to **server.orig**. \n \n\n 3. Extract the Apache Tomcat server archive that was supplied by Support to **./server** in the Rational DOORS Web Access installation directory. \n \n\n 4. Copy your **./server.orig/festival** directory to **./server/festival**. \n \n\n 5. Copy the **./server.orig/conf/server.xml** file to **./server/conf/server.xml**. \n \n\n 6. Copy **./server.orig/webapps/*.war** to **./server/webapps**. \n \n\n 7. **Optional**: Copy any customized files from the **./server.orig** directory to **./server**. \n \n\n 8. **UNIX systems only:** Run the **./configure-festival.sh** command, as described in the help topic [Installing the web access server and the web access broker on Linux or Solaris systems](<https://www-01.ibm.com/support/knowledgecenter/SSYQBZ_9.6.0/com.ibm.rational.dwa.install.doc/topics/t_instdwasandbunix.html>). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-05-01T08:48:11", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in Apache Tomcat in Rational DOORS Web Access", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2020-05-01T08:48:11", "id": "4EA16C484A11E833B1DEB803D6ABABC8ED4970EE9E61B2165CE99AF8625D8A2C", "href": "https://www.ibm.com/support/pages/node/514537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-08T02:12:33", "description": "## Summary\n\nAPM Linux KVM Agent is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2012-6153](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** IBM X-Force ID: **220912 \n** DESCRIPTION: **Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220912 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPM Agents for Monitoring| all \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading: \n\nProduct Remediation| Fix \n---|--- \nAPM on-premise| \n\nAPM Linux KVM Agent release 8.1.4.0.20\n\nLinux KVM Agent Version: 08.23.05.00\n\nDownload the APM Advanced Agents installer from Passport Advantage. Please refer below link for download instructions:\n\n<https://www.ibm.com/docs/en/capmp/8.1.4?topic=advantage-part-numbers> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-06-14T15:55:11", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2020-13956"], "modified": "2023-06-14T15:55:11", "id": "7C6868DF7570F67513CD79FFFE949C20A91FB069E0BF035BB536049992C5168D", "href": "https://www.ibm.com/support/pages/node/7003887", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-12T21:33:44", "description": "## Summary\n\nIBM Tivoli Netcool Impact has addressed the following open source vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n**DESCRIPTION: ** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID: **[CVE-2015-0227](<https://vulners.com/cve/CVE-2015-0227>) \n**DESCRIPTION: ** Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the requireSignedEncryptedDataElements property. An attacker could exploit this vulnerability using various types of wrapping attacks to bypass security restrictions and perform unauthorized actions. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100837> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n**CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n**DESCRIPTION: ** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95327> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n**DESCRIPTION: ** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95328> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID: **[CVE-2013-6440](<https://vulners.com/cve/CVE-2013-6440>) \n**DESCRIPTION: ** OpenSAML could allow a remote authenticated attacker to obtain sensitive information, caused by an error when parsing XML entities. By persuading a victim to open a specially-crafted XML document containing external entity references, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89714> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID: **[CVE-2015-1796](<https://vulners.com/cve/CVE-2015-1796>) \n**DESCRIPTION: ** Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority trust anchors to impersonate any eneity. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105594> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n\n\n## Affected Products and Versions\n\nAffected IBM Tivoli Netcool Impact | Affected Versions \n---|--- \nIBM Tivoli Netcool Impact 7.1.0 | 7.1.0.0 ~ 7.1.0.13 \n \n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0 | IF0006 | IJ05374 | [7.1.0.13-TIV-NCI-IF0006](<https://www-01.ibm.com/support/docview.wss?uid=ibm10716053>) \n \n**Please also note the** ** ** [**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>) ** ** **from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the** ** ** [**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>) **. ** **If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {}, "published": "2018-07-18T09:46:57", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2013-6440", "CVE-2014-3577", "CVE-2015-0227", "CVE-2015-1796"], "modified": "2018-07-18T09:46:57", "id": "229A4B43FE77515F8665EB39BE40365AEA78A7E6905A77143AA0029AE91AE79C", "href": "https://www.ibm.com/support/pages/node/717485", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:55:56", "description": "## Summary\n\nEmbedded IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 4.2.0, 4.1.1 and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 3.9 \nITNM| 4.1.1.x \nITNM| 4.2.0.x \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 3.9| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \nITNM| 4.1.1.x| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \nITNM| 4.2.0.x| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-28T13:17:53", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-149)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-28T13:17:53", "id": "7C2E3EBD59844B33604F823D03303C3D61BA5B706D9B3DBCB94DE8170A315138", "href": "https://www.ibm.com/support/pages/node/6467603", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T02:45:57", "description": "## Summary\n\nIBM WebSphere Portal is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Portal has been published in a security bulletin. \n\n## Vulnerability Details\n\nConsult the security bulletin: [Fixes available for Security Vulnerabilities in Apache HttpComponents that affect IBM WebSphere Portal (CVE-2012-6153; CVE-2014-3577, CVE-2015-5262)](<https://www.ibm.com/support/docview.wss?uid=swg21694835>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Intelligent Operations Center V1.5, V1.6| IBM Intelligent Operations Center for Emergency Management V1.6 \nIBM Intelligent Operations for Water V1.0, V1.5, V1.6 \nIBM Intelligent Operations for Transportation V1.0, V1.5, V1.6 \nIBM Intelligent City Planning and Operations V1.5, V1.6 \nIBM Intelligent Operations Center V5.1| IBM Intelligent Operations Center for Emergency Management V5.1 \n \n## ", "cvss3": {}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Portal shipped with IBM Intelligent Operations Center and related products\u00a0(CVE-2015-5262)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2022-08-19T21:04:31", "id": "52B201EAD7D8FBAAE3AB5280B9E773559F7305E89BBE33D8F5F38C7C4DE82834", "href": "https://www.ibm.com/support/pages/node/273357", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-08T01:54:14", "description": "## Summary\n\nIBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments (Data Protection for VMware only), and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of security restrictions, and information disclosure, as described in the \"Vulnerability Details\" section.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2012-6153](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2014-3577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-13956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** IBM X-Force ID: **220912 \n** DESCRIPTION: **Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view files on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/220912 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Storage Protect Client| 8.1.0.0 - 8.1.19.0 \nIBM Storage Protect for Space Management| 8.1.0.0 - 8.1.19.0 \nIBM Storage Protect for Virtual Environments: Data Protection for VMware| 8.1.0.0 - 8.1.19.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\n**Product \n**| **Fixing level**| **Platforms**| **Link to fix and instructions** \n---|---|---|--- \nIBM Storage Protect Backup-Archive Client| 8.1.20.0| AIX \nHP-UX \nLinux \nMacintosh \nSolaris \nWindows| <https://www.ibm.com/support/pages/node/7015829> \nIBM Storage Protect for Space Management| 8.1.20.0| AIX \nLinux| <https://www.ibm.com/support/pages/node/7015827> \nIBM Storage Protect for Virtual Environments: Data Protection for VMware| 8.1.20.0| Linux \nWindows| <https://www.ibm.com/support/pages/node/7015823> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2023-10-04T12:58:09", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577", "CVE-2020-13956"], "modified": "2023-10-04T12:58:09", "id": "2778C5D6C324BC30DB7DAEAED1BB702CE80B1BCFF6D36121D0025E1E4A547CBD", "href": "https://www.ibm.com/support/pages/node/7037815", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:52:31", "description": "## Summary\n\nSecurity vulnerabilities have been discovered in Tomcat, XalanJ and the IBM JRE that were reported in late May, 2014.\n\n## Vulnerability Details\n\n \n**CVE-ID**: [CVE-2014-0107](<https://vulners.com/cve/CVE-2014-0107>) \n**DESCRIPTION**: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. \n \n**CVSS:** \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVE-ID**: [CVE-2014-0224](<https://vulners.com/cve/CVE-2014-0224>) \n**DESCRIPTION**: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. \n \n**CVSS:** \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n \n**CVE-ID**: [CVE-2014-0075](<https://vulners.com/cve/CVE-2014-0075>) \n**DESCRIPTION**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n**CVE-ID**: [CVE-2014-0095](<https://vulners.com/cve/CVE-2014-0095>) \n**DESCRIPTION**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n**CVSS:** \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID**: [CVE-2014-0096](<https://vulners.com/cve/CVE-2014-0096>) \n**DESCRIPTION**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS:** \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n \n**CVE-ID**: [CVE-2014-0099](<https://vulners.com/cve/CVE-2014-0099>) \n**DESCRIPTION**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID**: [CVE-2014-0119](<https://vulners.com/cve/CVE-2014-0119>) \n**DESCRIPTION**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID**: [CVE-2014-0878](<https://vulners.com/cve/CVE-2014-0878>) \n**DESCRIPTION**: A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers potentially allows an attacker to predict the output of the random number generator under certain circumstances. Please refer to the Workarounds & Mitigation section below for additional information. \n \n**CVSS:** \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91084> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n \n**CVE-ID**: [CVE-2014-0460](<https://vulners.com/cve/CVE-2014-0460>) \n**DESCRIPTION**: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS:** \nCVSS Base Score: 5.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92482> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) \n \n\n\n## Affected Products and Versions\n\n * IBM Cognos Business Intelligence Server 10.2.1.1\n * IBM Cognos Business Intelligence Server 10.2.1\n * IBM Cognos Business Intelligence Server 10.2\n * IBM Cognos Business Intelligence Server 10.1.1\n * IBM Cognos Business Intelligence Server 10.1\n * IBM Cognos Business Intelligence Server 8.4.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n\n * [Cognos BI 10.2.1 FP4 (10.2.1.4)](<http://www.ibm.com/support/docview.wss?uid=swg24038092>)\n * [Cognos BI 10.2 IF10 and 10.2.1 IF7](<http://www.ibm.com/support/docview.wss?uid=swg24038145>)\n * [Cognos BI 10.1 IF9 and 10.1.1 IF8](<http://www.ibm.com/support/docview.wss?uid=swg24038146>)\n * [Cognos BI 8.4.1 IF7](<http://www.ibm.com/support/docview.wss?uid=swg24038144>)\n\n## Workarounds and Mitigations\n\nNone known.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-15T23:13:33", "type": "ibm", "title": "Security Bulletin: Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0107", "CVE-2014-0119", "CVE-2014-0224", "CVE-2014-0460", "CVE-2014-0878"], "modified": "2018-06-15T23:13:33", "id": "425388ECE1ADC07929410BEE459751DFD6F958476D182A188AADBC4797B87839", "href": "https://www.ibm.com/support/pages/node/248801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:56", "description": "## Summary\n\nApache Tomcat is shipped as a component of RLKS Administration and Reporting Tool (RLKS ART) . Information about multiple security vulnerabilities affecting Apache Tomcat, version 7.0.52, have been published in this security bulletin.\n\n## Vulnerability Details\n\n**CVE ID:** [](<https://vulners.com/cve/CVE-2014-0411>)[CVE-2014-7810](<https://vulners.com/cve/CVE-2014-7810>) \n**Description**: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \n**CVSS Base Score:**5.0** \nCVSS Temporal Score: **See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/103155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/103155>) for the current score** \nCVSS Environmental Score:***Undefined** \nCVSS Vector:**AV:N/AC:L/Au:N/C:N/I:P/A:N \n \n \n**CVEID**: [_CVE-2013-4444_](<https://vulners.com/cve/CVE-2013-4444>) \n**Description**: Apache Tomcat could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the File Upload feature. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious JSP, which could allow the attacker to execute arbitrary JSP code on the vulnerable system. \n**CVSS Base Score**: 6.0 \n**CVSS Temporal Score**: <https://exchange.xforce.ibmcloud.com/vulnerabilities/95876> for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:S/C:P/I:P/A:P) \n** \n** \n**CVEID**: [_CVE-2014-0075_](<https://vulners.com/cve/CVE-2014-0075>) \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n**CVSS Base Score**: 5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93365>_ for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n** \n** \n**CVEID**: [_CVE-2014-0095_](<https://vulners.com/cve/CVE-2014-0095>) \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n**CVSS Base Score**: 4.3 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n** \n** \n**CVEID**: [_CVE-2014-0096_](<https://vulners.com/cve/CVE-2014-0096>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 4.3 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93367>_ for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n** \n** \n**CVEID**: [_CVE-2014-0099_](<https://vulners.com/cve/CVE-2014-0099>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n**CVSS Base Score**: 5 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \n** \n**CVEID**: [_CVE-2014-0119_](<https://vulners.com/cve/CVE-2014-0119>) \n**Description**: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially crafted application to obtain sensitive information. \n**CVSS Base Score**: 5 \n**CVSS Temporal Score**: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93368>_ for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \n** \n**CVEID**: [_CVE-2014-0227_](<https://vulners.com/cve/CVE-2014-0227>) \n**Description**: Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \n**CVSS Base Score**: 4.3 \n**CVSS Temporal Score**: _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100751>_ for more information \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n** \n** \n**CVEID**:** **[_CVE-2014-0230_](<https://vulners.com/cve/CVE-2014-0230>)** ** \n**Description**: Apache Tomcat is vulnerable to a denial of service, caused by an error when uploading files. An attacker could exploit this vulnerability to consume all available memory resources. \n**CVSS Base Score**: 5.0 \n**CVSS Temporal Score**: [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102131_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102131>) for current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVEID**:** **[CVE-2015-5345](<https://vulners.com/cve/CVE-2015-5345>)** ** \n**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110857_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110857>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID**: [CVE-2015-5346](<https://vulners.com/cve/CVE-2015-5346>) \n**Description**: Apache Tomcat could allow a remote attacker to hijack a valid user's session, caused by the failure to recycle the requestedSessionSSL field when recycling the Request object to use for a new request. By persuading a victim to visit a specially-crafted link and log into the application, a remote attacker could exploit this vulnerability to hijack another user's account and possibly launch further attacks on the system. \nCVSS Base Score: 4.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110854>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n \n**CVEID**: [CVE-2015-5174](<https://vulners.com/cve/CVE-2015-5174>) \n**Description**: Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"\"dot dot\"\" sequences (/../) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory. \nCVSS Base Score: 5.300 \nCVSS Temporal Score: [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110860_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110860>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect all versions of IBM RLKS Administration and Reporting Tool.\n\n## Remediation/Fixes\n\n**_Remediation_**\n\nFollow the instructions in [How to manually update Apache Tomcat?](<https://www-304.ibm.com/support/docview.wss?uid=swg21973649>) to upgrade to Apache Tomcat, version 7.0.68, where these vulnerabilities have been fixed.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T05:09:27", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4444", "CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-0411", "CVE-2014-7810", "CVE-2015-5174", "CVE-2015-5345", "CVE-2015-5346"], "modified": "2018-06-17T05:09:27", "id": "CFF78161323725A8FD12DF13E41FC085C16BC5DB4DD0560B538661E5E827574B", "href": "https://www.ibm.com/support/pages/node/540977", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:16:13", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerabilities( CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 ) in the Apache Commons and Apache HttpComponents jars have been published in a security bulletin\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nIBM Operations Analytics Predictive Insights - All| Websphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server ](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-10T16:07:28", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities ( CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-09-10T16:07:28", "id": "FCE59DFD42E59BD7167FAF3866E489EED4113CD69D8279859881BE9C677B99EE", "href": "https://www.ibm.com/support/pages/node/6488047", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:16:21", "description": "## Summary\n\nIBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities in Apache HttpComponents and HttpCommons that affect WebSphere Application Server \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-1498](<https://vulners.com/cve/CVE-2011-1498>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an unspecified error in HttpClient. An attacker could exploit this vulnerability to send the Proxy-Authorization header to the host and disclose the user's password. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/66241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/66241>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM VA| 7.0.1 \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Fix Availability \n---|---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.1 \n| [7.0.1-ISS-SIM-FP0016](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0016&source=SAR&function=fixId&parent=IBM%20Security> \"\" ) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-01T17:30:36", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-09-01T17:30:36", "id": "967AF0313531BD8CF81DC92E2E738F2495CD203B6C45CECCE9EA3C65C8D50675", "href": "https://www.ibm.com/support/pages/node/6485597", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:15:48", "description": "## Summary\n\nIBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-1498](<https://vulners.com/cve/CVE-2011-1498>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an unspecified error in HttpClient. An attacker could exploit this vulnerability to send the Proxy-Authorization header to the host and disclose the user's password. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/66241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/66241>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Verify Governance, Identity Manager virtual appliance component| All \n \n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Fix Availability \n---|---|--- \nIBM Security Verify Governance, Identity Manager virtual appliance component| 10.0.0.0 \n| [10.0.0.0-ISS-ISVG-IMVA-FP0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Security+Verify+Governance&fixids=10.0.0.0-ISS-ISVG-IMVA-FP0001&source=SAR&function=fixId&parent=ibm/Tivoli> \"10.0.0.0-ISS-ISVG-IMVA-FP0001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-21T20:25:02", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-09-21T20:25:02", "id": "025F46D70BF12E5E7A17B0B9163D46438945859C3636C38FE34BA49936F47B5C", "href": "https://www.ibm.com/support/pages/node/6491177", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:57:05", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n \n\n\n \n\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-18T09:39:22", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-18T09:39:22", "id": "46655D215605654C233A0192D520520517C2577FCBAFD46B6A2A95C51164157C", "href": "https://www.ibm.com/support/pages/node/6453997", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T02:00:04", "description": "## Summary\n\nThere are multiple vulnerabilities in Apache HttpComponents and HttpCommons libraries which affect WebSphere Application Server. This has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-1498](<https://vulners.com/cve/CVE-2011-1498>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an unspecified error in HttpClient. An attacker could exploit this vulnerability to send the Proxy-Authorization header to the host and disclose the user's password. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/66241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/66241>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\n \n\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 8.5 \nWebSphere Application Server| 8.0 \n \n## Remediation/Fixes\n\n**For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:**\n\n**For V9.0.0.0 through 9.0.5.7:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH34501 and PH34944](<https://www.ibm.com/support/pages/node/6450441> \"PH34501 and PH34944\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.8 or later (targeted availability 2Q2021). \n\n**For V8.5.0.0 through 8.5.5.19:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH34501 and PH34944](<https://www.ibm.com/support/pages/node/6450441> \"PH34501 and PH34944\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.20 or later (targeted availability 3Q2021).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH34501 and PH34944](<https://www.ibm.com/support/pages/node/6450441> \"PH34501 and PH34944\" )\n\n \n\n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n_WebSphere Application Server V8.0 is no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-13T20:09:44", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-13T20:09:44", "id": "D519EDF621C43AA30CAE493215E1F07C4C139FE3A02526AFB3F745E25DECEA7B", "href": "https://www.ibm.com/support/pages/node/6453091", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:56:58", "description": "## Summary\n\nWebsphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nWebGUI 8.1.0 GA and FP| Websphere Application Server V8.5 and V9 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-21T04:58:23", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-21T04:58:23", "id": "9740C6D788C18AEDC395271BE7D8BC1250A1DFEC3E97EA850467EC7128330AFB", "href": "https://www.ibm.com/support/pages/node/6455165", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:55:56", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\n \nSee section: For V8.5.0.0 through 8.5.5.19: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-28T13:18:44", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-28T13:18:44", "id": "F740A49083E598F5C61454D5FE2852EC2DAF253C768CB7F35E6A3DC564290AB7", "href": "https://www.ibm.com/support/pages/node/6467605", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:57:07", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version| Affected Supporting Product and Versions| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Federated Identity Manager 6.2.x| IBM WebSphere Application Server 8.0, 8.5, 9.0| [Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-17T16:39:08", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities Have Been Identified In IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-17T16:39:08", "id": "F2BA717220AF86DFDA34E3C889BE92B672CF072FD97A6D1C67429E982D684361", "href": "https://www.ibm.com/support/pages/node/6453725", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:57:08", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \n \nMaximo Asset Management 7.6 \nMaximo for Life Sciences 7.6 \nMaximo for Transportation 7.6 \nMaximo for Oil and Gas 7.6 \nMaximo for Utilities 7.6 \nMaximo for Aviation 7.6 \nMaximo Linear Asset Manager 7.6 \nMaximo for Service Providers 7.6 \nMaximo Asset Health Insights 7.6 \nIBM Control Desk 7.6\n\n| IBM WebSphere Application Server 9.0 \nIBM WebSphere Application Server 8.5.5 Full Profile \nIBM WebSphere Application Server 8.5 Full Profile \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-17T13:45:05", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153 and CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-17T13:45:05", "id": "4BD525650ACDA69E5A72CD1CF82ABA591CB8C348C2EB3003E0E6F4F148199C9E", "href": "https://www.ibm.com/support/pages/node/6453681", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:55:45", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2.0, 4.1.1 and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n \n\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0 \nITNM| 4.1.1 \nITNM| 3.9 \n \n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.2.0| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \nITNM| 4.1.1| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \nITNM| 3.9| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-07-06T21:48:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-07-06T21:48:01", "id": "426DC9FAD64F716E8463EF1B0FFD5E38D7ADE11BB58C57E0667356ABA3124D6E", "href": "https://www.ibm.com/support/pages/node/6467621", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:57:10", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM WebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0 \n \n\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-14T18:01:05", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-14T18:01:05", "id": "3D9D5C7B09E22D87A8FE0FE187F0AF4F7F297ED37E3326CEFC50EC5D149D3374", "href": "https://www.ibm.com/support/pages/node/6453393", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:57:11", "description": "## Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3 \nIBM\u00ae Intelligent Operations Center for Emergency Management| V1.6 \n \n\n\n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-14T10:00:18", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-14T10:00:18", "id": "F85FD0673B0A582E05FC6637434BB9C2F31E8D3595AAF3A28DEFC1CEBC9B8BF7", "href": "https://www.ibm.com/support/pages/node/6453327", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:15:12", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.7 | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 \n \n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Information disclosure in WebSphere Application Server Admin Console \$CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498\$\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-21T11:48:45", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-21T11:48:45", "id": "774CD0CC266135AB1675926645BDE7EC4B8D9325050C2B4CC8CDB5B064BC5431", "href": "https://www.ibm.com/support/pages/node/6455197", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-08T10:37:34", "description": "## Summary\n\nMultiple vulnerabilities in Apache HttpComponents and HttpCommons affect embedded WebSphere Application Server affects Content Collector for Email.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>) \n** DESCRIPTION: **Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/106932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/106932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject&#39;s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95327>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2012-6153](<https://vulners.com/cve/CVE-2012-6153>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject&#39;s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95328](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95328>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2011-1498](<https://vulners.com/cve/CVE-2011-1498>) \n** DESCRIPTION: **Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an unspecified error in HttpClient. An attacker could exploit this vulnerability to send the Proxy-Authorization header to the host and disclose the user&#39;s password. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/66241](<https://exchange.xforce.ibmcloud.com/vulnerabilities/66241>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.x \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.9 [Interim Fix IF010](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.9-IBM-ICC-IF010&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-01T16:11:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache HttpComponents and HttpCommons affect embedded WebSphere Application Server, which affects Content Collector for Email", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-01T16:11:06", "id": "D44CA6EF8BD7019FA550CA0950704781857304C8E0CD782812D3165AFD1C6B39", "href": "https://www.ibm.com/support/pages/node/6457781", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:55:51", "description": "## Summary\n\nEmbedded IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n \n\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6209099> \"Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\\)\" )\n\nSee section: For V8.5.0.0 through 8.5.5.19: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-29T10:19:24", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-29T10:19:24", "id": "10770D12191A8AE9369E34D348349D2BA4155BE98B552E072EF5E6E20AD6C297", "href": "https://www.ibm.com/support/pages/node/6467947", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:56:59", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| All \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0\n\n| \n\n[Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server ](<https://www.ibm.com/support/pages/node/6453091>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-20T14:09:06", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-20T14:09:06", "id": "F589C8EE8B85031A0437FA4B9B5223B171B8C93F2A8436F0B7911CEA6E3E4207", "href": "https://www.ibm.com/support/pages/node/6454851", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:56:20", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nTivoli Business Service Manager 6.2| IBM WebSphere Application Server 8.5 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nTivoli Business Service Manager 6.2| **For V8.5.0.0 through 8.5.5.19:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH34501 and PH34944](<https://www.ibm.com/support/pages/node/6450441> \"PH34501 and PH34944\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-15T16:12:32", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-15T16:12:32", "id": "8A2F935DC3D0F2E173B8E4E2D35A15ED0CF4A2296381FDAEDD880D3DF62A3B87", "href": "https://www.ibm.com/support/pages/node/6464009", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-08T10:37:30", "description": "## Summary\n\nMultiple vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product(s) and Version(s)| Affected Supporting Product(s) and Version(s) \n---|--- \nIBM Cloud Pak for Applications, all| \n\nWebSphere Application Server\n\n * 9\n * 8.5\n * 8 \n \n\n\n## Remediation/Fixes\n\n[Multiple vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Multiple vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-06-02T21:54:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server, which is shipped as part of IBM Cloud Pak for Applications (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-06-02T21:54:02", "id": "41AAC16DD55649610A7533A1CCFF752B9439D695AF4B531F93AD71CE90511A9B", "href": "https://www.ibm.com/support/pages/node/6458041", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:57:01", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s) \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server V8.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: \n \n[Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) \n \nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-19T11:25:17", "type": "ibm", "title": "Security Bulletin: Vulnerabilities identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153 and CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-19T11:25:17", "id": "A0E132541F97F127BF3DABB601EC05883771B88A1D5AF81623DA70B88A6C446C", "href": "https://www.ibm.com/support/pages/node/6454465", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-05T14:27:33", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0 \n\nISIM 6.0.2\n\n| \n\nWAS 8.5\n\nWAS 9\n\n| [Security Bulletin: WebSphere Application Server addresses multiple vulnerabilities(CVE-2014-3577, CVE-2012-6153, CVE-2011-1498,CVE-2015-5262)](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: WebSphere Application Server is vulnerable to multiple vulnerabilities\$CVE-2014-3577, CVE-2012-6153, CVE-2011-1498,CVE-2015-5262\$\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-24T22:52:47", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-24T22:52:47", "id": "41E52F75A6D7D5643A154BDF7E47439DD72AD5A21A6077C530F676B951CB6EAA", "href": "https://www.ibm.com/support/pages/node/6455691", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-28T01:57:07", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server](<https://www.ibm.com/support/pages/node/6453091> \"Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-05-15T00:53:56", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-1498", "CVE-2012-6153", "CVE-2014-3577", "CVE-2015-5262"], "modified": "2021-05-15T00:53:56", "id": "6EB0DF5B8D2A9CE0A54E20B9831C291C9DF55686C969612BB8B51326B44694DA", "href": "https://www.ibm.com/support/pages/node/6453587", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T05:49:30", "description": "## Summary\n\nA vulnerability has been identified in Rational Lifecycle Adapter for HP ALM V1.0 and V1.1. If you are using Apache Tomcat 7.x to run your HP ALM adapter, download and install the Apache Tomcat fix available on Fix Central. \n\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID:** [CVE-2013-4286](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4286>) \n \n**Description**: Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n**CVE ID:** [CVE-2014-0033](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033>) \n \n**Description**: org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91423> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n**CVE ID:** [CVE-2013-4322](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4322>) \n \n**Description**: Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. \n \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91625> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n \n**CVE ID:** [CVE-2013-4590](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4590>) \n \n**Description**: Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain \"Tomcat internals\" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91424> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n**CVE-ID: **[CVE-2014-0075](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0075>) \n \n**Description: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chucked request. A remote attacker could exploit this vulnerability to cause a denial of service. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID: **[CVE-2014-0095](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0095>) \n \n**Description: **Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score: **See<https://exchange.xforce.ibmcloud.com/vulnerabilities/93366> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n \n**CVE-ID: **[CVE-2014-0096](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0096>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data by the default server. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score: **4.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93367> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID: **[CVE-2014-0099](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0099>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID: **[CVE-2014-0119](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0119>) \n \n**Description: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the replacement of the XML parsers used to process XSLTs for the default servlet. An attacker could exploit this vulnerability using a specially-crafted application to obtain sensitive information. \n \n**CVSS Base Score: **5 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93368> for more information \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector: **(AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nAffected releases are: \n\n * Rational Lifecycle Adapter for HP ALM 1.0 through 1.1\n \n**Note:** If you are using WebSphere Application Server, you are not affected by this problem. \n\n## Remediation/Fixes\n\nIf you are using Apache Tomcat 7.x to run your HP ALM adapter, download and install the fix **Rational_RLIA_Standard_HP_Adapter_Tomcat_Fix_PSIRT_1545_1823** available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FRational&product=ibm/Rational/Rational+Lifecycle+Integration+Adapters+Standard+Edition&release=All&platform=All&function=all>). \n\nThe fix contains Apache Tomcat 7.0.54, which resolves the listed vulnerability.\n\nFollow the instructions in the attached Readme.pdf file to install the fix.\n\n![Readme.pdf](/support/pages/system/files/support/swg/rattech.nsf/0/279281da56ed722a85257cf6004aafa5/RemediationFixes/0.422.gif)Readme.pdf\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:55:05", "type": "ibm", "title": "Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2090", "CVE-2012-3544", "CVE-2013-4286", "CVE-2013-4322", "CVE-2013-4590", "CVE-2014-0033", "CVE-2014-0075", "CVE-2014-0095", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2018-06-17T04:55:05", "id": "86857E58370683CD6F1A7EFD8594D930D4071245BF08AD93E4E74F3BD64C8921", "href": "https://www.ibm.com/support/pages/node/515897", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "mageia": [{"lastseen": "2023-12-07T10:51:25", "description": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data (CVE-2014-0075). java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2014-0096). Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header (CVE-2014-0099). Apache Tomcat before 6.0.40 and 7.x before 7.0.54 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or read files associated with different web applications on a single Tomcat instance via a crafted web application (CVE-2014-0119). \n", "cvss3": {}, "published": "2014-06-20T00:30:12", "type": "mageia", "title": "Updated tomcat and tomcat6 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0075", "CVE-2014-0096", "CVE-2014-0099", "CVE-2014-0119"], "modified": "2014-06-20T00:30:12", "id": "MGASA-2014-0268", "href": "https://advisories.mageia.org/MGASA-2014-0268.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-07T21:30:33", "description": "Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153). The Apache httpcomponents HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2014-3577). \n", "cvss3": {}, "published": "2014-08-25T12:44:11", "type": "mageia", "title": "Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6153", "CVE-2014-3577"], "modified": "2014-08-25T12:44:11", "id": "MGASA-2014-0348", "href": "https://advisories.mageia.org/MGASA-2014-0348.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:35:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for tomcat FEDORA-2015-2109", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0227", "CVE-2014-0099", "CVE-2014-0096", "CVE-2014-0075"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869037", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tomcat FEDORA-2015-2109\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869037\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:41:39 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2014-0227\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0075\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tomcat FEDORA-2015-2109\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"tomcat on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2109\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.59~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-03-17T23:00:17", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0227", "CVE-2014-0099", "CVE-2014-0096", "CVE-2014-0075"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120058", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120058\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:27 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-526)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in JBoss Web / Apache Tomcat. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat7 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-526.html\");\n script_cve_id(\"CVE-2014-0075\", \"CVE-2014-0096\", \"CVE-2014-0099\", \"CVE-2014-0227\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-admin-webapps\", rpm:\"tomcat7-admin-webapps~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-el-2.2-api\", rpm:\"tomcat7-el-2.2-api~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-webapps\", rpm:\"tomcat7-webapps~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-log4j\", rpm:\"tomcat7-log4j~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-jsp-2.2-api\", rpm:\"tomcat7-jsp-2.2-api~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-docs-webapp\", rpm:\"tomcat7-docs-webapp~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-servlet-3.0-api\", rpm:\"tomcat7-servlet-3.0-api~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-javadoc\", rpm:\"tomcat7-javadoc~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-lib\", rpm:\"tomcat7-lib~7.0.59~1.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:21", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0227", "CVE-2014-0099", "CVE-2014-0096", "CVE-2014-0075"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120057", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120057\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:25 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-527)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in JBoss Web / Apache Tomcat. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat8 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-527.html\");\n script_cve_id(\"CVE-2014-0075\&quo

(RHSA-2015:0765) Important: Red Hat JBoss Data Virtualization 6.0.0 security update

Description

Related